Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
150s -
platform
ubuntu-22.04_amd64 -
resource
ubuntu2204-amd64-20240611-en -
resource tags
arch:amd64arch:i386image:ubuntu2204-amd64-20240611-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system -
submitted
09/02/2025, 10:06
Behavioral task
behavioral1
Sample
Hgf.x86.elf
Resource
ubuntu2204-amd64-20240611-en
General
-
Target
Hgf.x86.elf
-
Size
23KB
-
MD5
fa610cec756d9e59636749bc787ee6ac
-
SHA1
5471e0a2d2bd635df8b574c78c0cc39d1d40a8f6
-
SHA256
602f8076ed24db46164f6633dd50fcfbe27efd51eadb0f61d58d6814e0ea5439
-
SHA512
3aa1b40fe2f033a7e08c699cac912700552d878cb783db55f88ee8a1dce04fa824ced78fe066a4826c61a8575726430d5ce7ebfe6336467b5cb6c7707235417c
-
SSDEEP
384:Mjjnjb1wD8dXBxjr63hZV3xON3/5ykLGQnzscaGjGYiyWjek8iLV3HKGD:Kjb1wD8hjQbV3xW/AEGEzhaOTiNjeJiv
Malware Config
Extracted
mirai
BOTNET
cnc.stressamp.com
Signatures
-
Mirai family
-
Contacts a large (75233) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description ioc File opened for modification /dev/misc/watchdog File opened for modification /dev/watchdog -
Enumerates running processes
Discovers information about currently running processes on the system
-
Changes its process name 1 IoCs
description ioc pid Changes the process name, possibly in an attempt to hide itself /var/Sofia 1566 -
description ioc File opened for reading /proc/1164/cmdline File opened for reading /proc/215/cmdline File opened for reading /proc/498/cmdline File opened for reading /proc/522/cmdline File opened for reading /proc/590/cmdline File opened for reading /proc/635/cmdline File opened for reading /proc/746/cmdline File opened for reading /proc/771/cmdline File opened for reading /proc/1555/cmdline File opened for reading /proc/15/cmdline File opened for reading /proc/415/cmdline File opened for reading /proc/641/cmdline File opened for reading /proc/957/cmdline File opened for reading /proc/1142/cmdline File opened for reading /proc/1192/cmdline File opened for reading /proc/1556/cmdline File opened for reading /proc/86/cmdline File opened for reading /proc/225/cmdline File opened for reading /proc/409/cmdline File opened for reading /proc/716/cmdline File opened for reading /proc/1126/cmdline File opened for reading /proc/1162/cmdline File opened for reading /proc/1452/cmdline File opened for reading /proc/13/cmdline File opened for reading /proc/211/cmdline File opened for reading /proc/1254/cmdline File opened for reading /proc/1261/cmdline File opened for reading /proc/93/cmdline File opened for reading /proc/119/cmdline File opened for reading /proc/315/cmdline File opened for reading /proc/499/cmdline File opened for reading /proc/1038/cmdline File opened for reading /proc/1276/cmdline File opened for reading /proc/1570/cmdline File opened for reading /proc/80/cmdline File opened for reading /proc/83/cmdline File opened for reading /proc/114/cmdline File opened for reading /proc/517/cmdline File opened for reading /proc/972/cmdline File opened for reading /proc/1077/cmdline File opened for reading /proc/17/cmdline File opened for reading /proc/26/cmdline File opened for reading /proc/159/cmdline File opened for reading /proc/636/cmdline File opened for reading /proc/1054/cmdline File opened for reading /proc/1166/cmdline File opened for reading /proc/74/cmdline File opened for reading /proc/81/cmdline File opened for reading /proc/110/cmdline File opened for reading /proc/197/cmdline File opened for reading /proc/213/cmdline File opened for reading /proc/1439/cmdline File opened for reading /proc/866/cmdline File opened for reading /proc/18/cmdline File opened for reading /proc/160/cmdline File opened for reading /proc/203/cmdline File opened for reading /proc/207/cmdline File opened for reading /proc/209/cmdline File opened for reading /proc/413/cmdline File opened for reading /proc/454/cmdline File opened for reading /proc/1176/cmdline File opened for reading /proc/1344/cmdline File opened for reading /proc/1487/cmdline File opened for reading /proc/1554/cmdline