Analysis
max time kernel: 131s
max time network: 147s
platform: ubuntu-24.04_amd64
resource: ubuntu2404-amd64-20250307-en
resource tags: arch:amd64, arch:i386, image:ubuntu2404-amd64-20250307-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
submitted: 11/03/2025, 14:57
Behavioral task: behavioral1
Sample: hide.x86.elf
Resource: ubuntu2404-amd64-20250307-en
Signatures: 2
Run time: 150 seconds
General
Target: hide.x86.elf
Size: 39KB
MD5: 873bbc20b4cdea05d61c8500522b201f
SHA1: a75d4965b36fce5c759038837824bb2b19902861
SHA256: 9f1b42c2402117540177f5798ac9b6c072bd3612aadfe6d892586feb490e2944
SHA512: 6e1b67f84fdd5ae0dd9ee56377eab08b15db8a9302b3914e1fc33cfff4586319c65b887fb6293ea3cc96b44e0ac019b72156be41a2b569ae205884db1b4bce8b
SSDEEP: 768:udNK10vK9FsodbkZRCWEAPP/LNGwum5Rfci1jKubZhG4sy:OcyvK9FsodwZRCWEYP/gTMl1muthGdy
Score: 7/10
Malware Config
Signatures

Loads a kernel module (53 IoCs)
Loads a Linux kernel module, potentially to achieve persistence.
pid   Process
2500  hide.x86.elf
2502  hide.x86.elf (all remaining entries in this signature list pid 2502; 53 IoCs in total)

Writes file to tmp directory (1 IoC)
Malware often drops required files in the /tmp directory.
description                    ioc     Process
File opened for modification   /tmp/a  hide.x86.elf