Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    ubuntu-22.04_amd64
  • resource
    ubuntu2204-amd64-20240611-en
  • resource tags
    arch:amd64
    arch:i386
    image:ubuntu2204-amd64-20240611-en
    kernel:5.15.0-105-generic
    locale:en-us
    os:ubuntu-22.04-amd64
    system
  • submitted
    09/02/2025, 10:06

General

  • Target

    Hgf.x86.elf

  • Size

    23KB

  • MD5

    fa610cec756d9e59636749bc787ee6ac

  • SHA1

    5471e0a2d2bd635df8b574c78c0cc39d1d40a8f6

  • SHA256

    602f8076ed24db46164f6633dd50fcfbe27efd51eadb0f61d58d6814e0ea5439

  • SHA512

    3aa1b40fe2f033a7e08c699cac912700552d878cb783db55f88ee8a1dce04fa824ced78fe066a4826c61a8575726430d5ce7ebfe6336467b5cb6c7707235417c

  • SSDEEP

    384:Mjjnjb1wD8dXBxjr63hZV3xON3/5ykLGQnzscaGjGYiyWjek8iLV3HKGD:Kjb1wD8hjQbV3xW/AEGEzhaOTiNjeJiv

Malware Config

Extracted

  • Family

    mirai

  • Botnet

    BOTNET

  • C2

    cnc.stressamp.com

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Mirai family
  • Contacts a large number (75233) of remote hosts (1 TTP)

    This may indicate a network scan to discover remotely running services.

  • Creates a large number of network flows (1 TTP)

    This may indicate a network scan to discover remotely running services.

  • Modifies Watchdog functionality (1 TTP, 2 IoCs)

    Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

  • Enumerates running processes

    Discovers information about currently running processes on the system.

  • Changes its process name (1 IoC)
  • Reads runtime system information (64 IoCs)

    Reads data from the /proc virtual filesystem.

Processes

Network

MITRE ATT&CK Enterprise v15