Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

5

parm6.elf

debian-9-armhf

10

Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    23/03/2025, 21:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    parm6.elf

  • Size

    57KB

  • MD5

    606118045fee881480d6a73e8aae9050

  • SHA1

    e4ad3d8ef8f6544d06cc843be692e98fe68f7586

  • SHA256

    297399048d5f4b335008cc03664cf20426dbe14543f9eb049f4f59ade2d0f61d

  • SHA512

    ed68171461e0d24b39cd6ebbe19406bfa9010b6ee288c73fe322a547308ea41800500d0b3850e9a9ceabc90925e3708555e71ddbf96a9b670f80313c7009d390

  • SSDEEP

    1536:ePS4tG8FL/+wTpnv2UilmIPL1ERbiEVuXgX:ePltG8dfBv2yYL1ERH5X

Score
10/10
miraimiraibotnetdefense_evasiondiscovery

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

    botnetmirai
  • Mirai family
    mirai
  • Deletes itself 1 IoCs
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion
  • Changes its process name 1 IoCs
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

    discovery

Processes

  • /tmp/parm6.elf
    /tmp/parm6.elf
    1⤵
    • Deletes itself
    • Modifies Watchdog functionality
    • Changes its process name
    • Reads runtime system information
    PID:648

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads