Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
152s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
-
submitted
02/02/2025, 17:32
General
-
Target
amen.mips.elf
-
Size
127KB
-
MD5
df3a749995db5f1fe606411d6ef06f63
-
SHA1
8fc4ae89bcb8aa5a93561d6905a2a449d8f8986b
-
SHA256
52a7d50e33305838fe74c586720d393d929b859d4af1d5dd855e5c5f55c52e8b
-
SHA512
ad014ddf381aefe4656b27404b84f205c330e520ef4b4dd5e0d8cb2816d9be8811893c8b5008031ea94bb8227159f4bf56ac3adcd6fada141cb1500c6bff0552
-
SSDEEP
1536:YF/wpr/jUDL8z3dKVKy9UxZ3aRoO8htUS+I6Y17UEAhk6/pAo/xVQUHcO:YetgUo4ZX7htFgYWF/pACcO
Malware Config
Signatures
-
Contacts a large (178870) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Traces itself 1 IoCs
Traces itself to prevent debugging attempts
-
Reads process memory 1 TTPs 24 IoCs
Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
-
Changes its process name 1 IoCs
-
Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.
-
System Network Configuration Discovery 1 TTPs 1 IoCs
Adversaries may gather information about the network configuration of a system.
Processes
-
/tmp/amen.mips.elf/tmp/amen.mips.elf1⤵
- Modifies Watchdog functionality
- Traces itself
- Reads process memory
- Changes its process name
- Reads runtime system information
- System Network Configuration Discovery