Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
f7f287e17934124f22a9f78ff4deccfa29d780cbbadb51c1448f1bf1d2e4e886.elf
-
Size
50KB
-
Sample
250311-gdq6jatmt4
-
MD5
b4f0c06068424621b1cce60e367aeef7
-
SHA1
c569ed0d9c018a9e0635144b291b5e53d4965c7a
-
SHA256
f7f287e17934124f22a9f78ff4deccfa29d780cbbadb51c1448f1bf1d2e4e886
-
SHA512
42853d2810cae61cb9c537925de58435dd1692783a4c92100a8b90d14b28aa7a4b37765d0685242b00316df37cab2d737a0913e93e2a127fa9ca434f88bba7f8
-
SSDEEP
768:OohF/ryzIZ5Byx8+xjxqbS9XsQmnxK2ABwDsi1JlJ0d0e0xa0y0ta0Qj4Y0Ab72e:tDzyEZqLxjxmjZsj4072AXN1+EMUCpA1
Malware Config
Targets
-
-
Target
f7f287e17934124f22a9f78ff4deccfa29d780cbbadb51c1448f1bf1d2e4e886.elf
-
Size
50KB
-
MD5
b4f0c06068424621b1cce60e367aeef7
-
SHA1
c569ed0d9c018a9e0635144b291b5e53d4965c7a
-
SHA256
f7f287e17934124f22a9f78ff4deccfa29d780cbbadb51c1448f1bf1d2e4e886
-
SHA512
42853d2810cae61cb9c537925de58435dd1692783a4c92100a8b90d14b28aa7a4b37765d0685242b00316df37cab2d737a0913e93e2a127fa9ca434f88bba7f8
-
SSDEEP
768:OohF/ryzIZ5Byx8+xjxqbS9XsQmnxK2ABwDsi1JlJ0d0e0xa0y0ta0Qj4Y0Ab72e:tDzyEZqLxjxmjZsj4072AXN1+EMUCpA1
Score9/10-
Contacts a large (14894) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Renames itself
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads process memory
Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
-