Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

b8304758ba...b10.sh

ubuntu-18.04-amd64

7

b8304758ba...b10.sh

debian-9-armhf

7

b8304758ba...b10.sh

debian-9-mips

1

b8304758ba...b10.sh

debian-9-mipsel

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b8304758ba0ef14fcf89a16a4009fc61cbf6528c96f7712fd2151d6ce56e8b10.sh

  • Size

    15KB

  • Sample

    250224-d3khhaznhj

  • MD5

    5c7695eb0cb4bd732a40d6dbacdb2c91

  • SHA1

    8c29d17dfe29647f1bac526582c0d1ba25234859

  • SHA256

    b8304758ba0ef14fcf89a16a4009fc61cbf6528c96f7712fd2151d6ce56e8b10

  • SHA512

    72bf3de5d6f92aa05246a9c4c9002a5e96b7cf5eb8f92662a68ea519ea9d11cfedd1766817ae94e588457420ceceb51be2a98516bc4869b09c1450be6922b55a

  • SSDEEP

    384:r5JxgzLuqlH2wx2vUaQa5/eN86704s80ooJQYgykWT4yCtvUsDjdWOoJw7:trgXux7YJDj8OoJw7

Score
10/10
kinsingkinsing_rootkitdefense_evasiondiscoverylinuxloaderprivilege_escalationrootkit

Malware Config

Targets

    • Target

      b8304758ba0ef14fcf89a16a4009fc61cbf6528c96f7712fd2151d6ce56e8b10.sh

    • Size

      15KB

    • MD5

      5c7695eb0cb4bd732a40d6dbacdb2c91

    • SHA1

      8c29d17dfe29647f1bac526582c0d1ba25234859

    • SHA256

      b8304758ba0ef14fcf89a16a4009fc61cbf6528c96f7712fd2151d6ce56e8b10

    • SHA512

      72bf3de5d6f92aa05246a9c4c9002a5e96b7cf5eb8f92662a68ea519ea9d11cfedd1766817ae94e588457420ceceb51be2a98516bc4869b09c1450be6922b55a

    • SSDEEP

      384:r5JxgzLuqlH2wx2vUaQa5/eN86704s80ooJQYgykWT4yCtvUsDjdWOoJw7:trgXux7YJDj8OoJw7

    Score
    10/10
    defense_evasiondiscoveryprivilege_escalationrootkitkinsingkinsing_rootkitloader

    • Kinsing

      Kinsing is a loader written in Golang.

      loaderkinsing

    • Kinsing Rootkit

      Rootkit reuses the publicly available BEURK rootkit.

      rootkitkinsing_rootkit

    • Kinsing Rootkit payload

    • Kinsing family

      kinsing

    • Kinsing payload

    • Kinsing_rootkit family

      kinsing_rootkit

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

      defense_evasion

    • Flushes firewall rules

      Flushes/ disables firewall rules inside the Linux kernel.

      defense_evasion

    • Loads a kernel module

      Loads a Linux kernel module, potentially to achieve persistence

      rootkit

    • Abuse Elevation Control Mechanism: Sudo and Sudo Caching

      Abuse sudo or cached sudo credentials to execute code.

      privilege_escalationdefense_evasion

    • Attempts to change immutable files

      Modifies inode attributes on the filesystem to allow changing of immutable files.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks