Analysis
max time kernel: 149s
max time network: 149s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20240611-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20240611-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 23/03/2025, 21:27

Behavioral task: behavioral1
Sample: px86.elf
Resource: ubuntu1804-amd64-20240611-en
6 signatures, 150 seconds
General
Target: px86.elf
Size: 43KB
MD5: 4995d05bf5468109373f0a5608ec3793
SHA1: bef9cab835b7593cf839e7b39b23999f2ee14857
SHA256: 48149300436783604a0ba8626ceba9d4060efad73592fcee69fc5cc8eedc6028
SHA512: e4a81a847039bdb962ce6a51d67643beb66d297f86ba9ddc1a9907ce1acda2f9c8e9bc46acd6d171889210024249384a8d9b5f3022eec88f3fb5461f2a2ba7e0
SSDEEP: 768:piwfWG3GcTE6BIQjt9wOEfrttCrzIDZwJn55kla4tIkjLUXFtWe1uocS9:piC53GqB7cByrzNjuaQIkjADci
Score: 10/10
Malware Config
Extracted
Family: mirai
Botnet: MIRAI
Signatures

Mirai family

Deletes itself (1 IoC)
pid: 1506

Modifies Watchdog functionality (1 TTP, 2 IoCs)
Malware like Mirai modifies the watchdog to prevent it from restarting an infected system.
description / ioc:
File opened for modification: /dev/watchdog
File opened for modification: /dev/misc/watchdog

Changes its process name (1 IoC)
description / pid:
Changes the process name, possibly in an attempt to hide itself: 1506