Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
ec1213394717932b0062136ce96d42092e9120da1e32cce7ff355de67c7b6988.sh
-
Size
27KB
-
Sample
250224-eebq5ayrbt
-
MD5
e1753baa1b118dc24f6dc0ba82fdafc0
-
SHA1
3906dedc8d5623bf5ab739ee156a881d011630b2
-
SHA256
ec1213394717932b0062136ce96d42092e9120da1e32cce7ff355de67c7b6988
-
SHA512
cd8208faf30c801fb4b41114d566eeba58629dd5658d0e82883b875fa4bd24a00ec813fd2e05c39afa158cd0bfae40e17bbfc810e649fbf873037badde8d25ce
-
SSDEEP
384:p7pQBDf6jlpTWg3vMGQiKMvU/4Qdre21jT58vKpG2Y0orcfKLUv0KZnNEVdeUoJ5:p7wVFNcDAFLcIwgnoYq0xFB/aps
Malware Config
Targets
-
-
Target
ec1213394717932b0062136ce96d42092e9120da1e32cce7ff355de67c7b6988.sh
-
Size
27KB
-
MD5
e1753baa1b118dc24f6dc0ba82fdafc0
-
SHA1
3906dedc8d5623bf5ab739ee156a881d011630b2
-
SHA256
ec1213394717932b0062136ce96d42092e9120da1e32cce7ff355de67c7b6988
-
SHA512
cd8208faf30c801fb4b41114d566eeba58629dd5658d0e82883b875fa4bd24a00ec813fd2e05c39afa158cd0bfae40e17bbfc810e649fbf873037badde8d25ce
-
SSDEEP
384:p7pQBDf6jlpTWg3vMGQiKMvU/4Qdre21jT58vKpG2Y0orcfKLUv0KZnNEVdeUoJ5:p7wVFNcDAFLcIwgnoYq0xFB/aps
Score10/10-
Kinsing
Kinsing is a loader written in Golang.
-
Kinsing family
-
Kinsing payload
-
Xmrig_linux family
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Deletes system logs
Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
-
Executes dropped EXE
-
Flushes firewall rules
Flushes/ disables firewall rules inside the Linux kernel.
-
Loads a kernel module
Loads a Linux kernel module, potentially to achieve persistence
-
Abuse Elevation Control Mechanism: Sudo and Sudo Caching
Abuse sudo or cached sudo credentials to execute code.
-
Attempts to change immutable files
Modifies inode attributes on the filesystem to allow changing of immutable files.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Disables AppArmor
Disables AppArmor security module.
-
Disables SELinux
Disables SELinux security module.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads list of loaded kernel modules
Reads the list of currently loaded kernel modules, possibly to detect virtual environments.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Sudo and Sudo Caching
1Scheduled Task/Job
1Cron
1Defense Evasion
Abuse Elevation Control Mechanism
1Sudo and Sudo Caching
1File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Impair Defenses
2Disable or Modify System Firewall
1Disable or Modify Tools
1Indicator Removal
1Clear Linux or Mac System Logs
1Virtualization/Sandbox Evasion
2System Checks
1