Analysis
max time kernel: 144s
max time network: 145s
platform: ubuntu-22.04_amd64
resource: ubuntu2204-amd64-20240522.1-en
resource tags: arch:amd64, arch:i386, image:ubuntu2204-amd64-20240522.1-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
submitted: 06/03/2025, 03:47
Behavioral task
behavioral1
Sample
donk.x86.elf
Resource
ubuntu2204-amd64-20240522.1-en
5 signatures
150 seconds
General
Target
donk.x86.elf
Size
62KB
MD5
e7ede966cdb6c65c846c565d71a41fe1
SHA1
5a179d3484609a67d834b98e61abe15eedc5b048
SHA256
9d404ad212a102d624f3252653f6edf8f6c72254a11e5cf1661a077f659324dc
SHA512
218b605f45705d55a81e3e51ede502fe834b9d5cd53c656b2c31bb83db7baee54e4dc3c98bab9bb80c5f0a48f2c8bb1e3d6d7837b10ca894e8c7a7e8a4777672
SSDEEP
1536:Rkkiirjwnh3A1HsyjmIdyYWCQtQQxBNSdnLrt:Oyrjwnh3AdsyjDdDW3ZxBGLrt
Score
7/10
Malware Config
Signatures
Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- File opened for modification: /dev/watchdog
- File opened for modification: /dev/misc/watchdog

Enumerates active TCP sockets (1 TTPs, 1 IoCs)
Gets active TCP sockets from /proc virtual filesystem.
- File opened for reading: /proc/net/tcp

Writes file to system bin folder (1 IoCs)
- File opened for modification: /sbin/watchdog

Changes its process name (1 IoCs)
- Changes the process name, possibly in an attempt to hide itself: pid 1555

Reads system network configuration (1 TTPs, 1 IoCs)
Uses contents of /proc filesystem to enumerate network settings.
- File opened for reading: /proc/net/tcp