Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

d086a222af...6e1.sh

ubuntu-18.04-amd64

10

d086a222af...6e1.sh

debian-9-armhf

7

d086a222af...6e1.sh

debian-9-mips

7

d086a222af...6e1.sh

debian-9-mipsel

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d086a222af2a7db6f5b8e09fddef0fbc47b8adec462550c6cad677f26a2a16e1.sh

  • Size

    35KB

  • Sample

    250224-ea5teayqe1

  • MD5

    69e6c91f00b3d4c85591757a37b83f54

  • SHA1

    35ad9a3795949925c2f6959dd88d318ecf92bf91

  • SHA256

    d086a222af2a7db6f5b8e09fddef0fbc47b8adec462550c6cad677f26a2a16e1

  • SHA512

    9d6cbb5d7146bfbdbd31b36b5b25806dd7b162508c96f77123182defcb08a7b72a2ea0e2bdfbfe69a6f6cc37fd2652e8375f821a463848a5f4ebbcf19ce315a3

  • SSDEEP

    768:b87mzQ5VFNcDAFLcIwgnoYq0xFBvgmuNytquz:bOVF+D6cIwgosxz

Score
10/10
kinsingxmrig_linuxantivmdefense_evasiondiscoveryexecutionlinuxloaderminerpersistenceprivilege_escalationrootkit

Malware Config

Targets

    • Target

      d086a222af2a7db6f5b8e09fddef0fbc47b8adec462550c6cad677f26a2a16e1.sh

    • Size

      35KB

    • MD5

      69e6c91f00b3d4c85591757a37b83f54

    • SHA1

      35ad9a3795949925c2f6959dd88d318ecf92bf91

    • SHA256

      d086a222af2a7db6f5b8e09fddef0fbc47b8adec462550c6cad677f26a2a16e1

    • SHA512

      9d6cbb5d7146bfbdbd31b36b5b25806dd7b162508c96f77123182defcb08a7b72a2ea0e2bdfbfe69a6f6cc37fd2652e8375f821a463848a5f4ebbcf19ce315a3

    • SSDEEP

      768:b87mzQ5VFNcDAFLcIwgnoYq0xFBvgmuNytquz:bOVF+D6cIwgosxz

    Score
    10/10
    kinsingxmrig_linuxantivmdefense_evasiondiscoveryexecutionloaderminerpersistenceprivilege_escalationrootkit

    • Kinsing

      Kinsing is a loader written in Golang.

      loaderkinsing

    • Kinsing family

      kinsing

    • Kinsing payload

    • Xmrig_linux family

      xmrig_linux

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig_linux

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

      defense_evasion

    • Deletes system logs

      Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.

      defense_evasion

    • Executes dropped EXE

    • Flushes firewall rules

      Flushes/ disables firewall rules inside the Linux kernel.

      defense_evasion

    • Loads a kernel module

      Loads a Linux kernel module, potentially to achieve persistence

      rootkit

    • Abuse Elevation Control Mechanism: Sudo and Sudo Caching

      Abuse sudo or cached sudo credentials to execute code.

      privilege_escalationdefense_evasion

    • Attempts to change immutable files

      Modifies inode attributes on the filesystem to allow changing of immutable files.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

      executionpersistenceprivilege_escalation

    • Disables AppArmor

      Disables AppArmor security module.

    • Disables SELinux

      Disables SELinux security module.

      defense_evasion

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Reads list of loaded kernel modules

      Reads the list of currently loaded kernel modules, possibly to detect virtual environments.

      defense_evasion
    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

1
T1053

Cron

1
T1053.003

Persistence

Scheduled Task/Job

1
T1053

Cron

1
T1053.003

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Sudo and Sudo Caching

1
T1548.003

Scheduled Task/Job

1
T1053

Cron

1
T1053.003

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Sudo and Sudo Caching

1
T1548.003

File and Directory Permissions Modification

1
T1222

Linux and Mac File and Directory Permissions Modification

1
T1222.002

Impair Defenses

2
T1562

Disable or Modify System Firewall

1
T1562.004

Disable or Modify Tools

1
T1562.001

Indicator Removal

1
T1070

Clear Linux or Mac System Logs

1
T1070.002

Virtualization/Sandbox Evasion

2
T1497

System Checks

1
T1497.001

Credential Access

Discovery

Process Discovery

1
T1057

System Information Discovery

2
T1082

System Network Configuration Discovery

1
T1016

Virtualization/Sandbox Evasion

2
T1497

System Checks

1
T1497.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks