Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

d0763141bc...77d.sh

ubuntu-18.04-amd64

10

d0763141bc...77d.sh

debian-9-armhf

10

d0763141bc...77d.sh

debian-9-mips

7

d0763141bc...77d.sh

debian-9-mipsel

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d0763141bc30815e99ab8b99e7197b609ad842bf0443ceb6fc816fcf1851477d.sh

  • Size

    12KB

  • Sample

    250327-kyy9es1rz3

  • MD5

    141cab1fb37bf8965b41b67ba12953f6

  • SHA1

    ac5ad102aeb2dce1a48248df20bc132485daa3be

  • SHA256

    d0763141bc30815e99ab8b99e7197b609ad842bf0443ceb6fc816fcf1851477d

  • SHA512

    280558159a8bf8236e91ec7e03f5d8c95a32381167ab15fcf7d0999d5aecec70c46db4824e85788d570e349a279eeb031bea5da611914495b32c36e4bdb33293

  • SSDEEP

    384:hOUS1SKKJW78m+D+cl+LjzqWTj1PmsbB1CH:wUS1SxJW78HNl+LjOWTj1PmI6H

Score
10/10
xmrig_linuxantivmdefense_evasiondiscoverylinuxminerpersistenceprivilege_escalationupx

Malware Config

Targets

    • Target

      d0763141bc30815e99ab8b99e7197b609ad842bf0443ceb6fc816fcf1851477d.sh

    • Size

      12KB

    • MD5

      141cab1fb37bf8965b41b67ba12953f6

    • SHA1

      ac5ad102aeb2dce1a48248df20bc132485daa3be

    • SHA256

      d0763141bc30815e99ab8b99e7197b609ad842bf0443ceb6fc816fcf1851477d

    • SHA512

      280558159a8bf8236e91ec7e03f5d8c95a32381167ab15fcf7d0999d5aecec70c46db4824e85788d570e349a279eeb031bea5da611914495b32c36e4bdb33293

    • SSDEEP

      384:hOUS1SKKJW78m+D+cl+LjzqWTj1PmsbB1CH:wUS1SxJW78HNl+LjOWTj1PmI6H

    Score
    10/10
    xmrig_linuxdefense_evasiondiscoveryminerpersistenceprivilege_escalationupxantivm

    • Xmrig_linux family

      xmrig_linux

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig_linux

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

      defense_evasion

    • Abuse Elevation Control Mechanism: Sudo and Sudo Caching

      Abuse sudo or cached sudo credentials to execute code.

      privilege_escalationdefense_evasion

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Modifies systemd

      Adds/ modifies systemd service files. Likely to achieve persistence.

      persistenceprivilege_escalation

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

XDG Autostart Entries

1
T1547.013

Create or Modify System Process

1
T1543

Systemd Service

1
T1543.002

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Sudo and Sudo Caching

1
T1548.003

Boot or Logon Autostart Execution

1
T1547

XDG Autostart Entries

1
T1547.013

Create or Modify System Process

1
T1543

Systemd Service

1
T1543.002

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Sudo and Sudo Caching

1
T1548.003

File and Directory Permissions Modification

1
T1222

Linux and Mac File and Directory Permissions Modification

1
T1222.002

Virtualization/Sandbox Evasion

1
T1497

System Checks

1
T1497.001

Credential Access

Discovery

System Information Discovery

2
T1082

System Network Configuration Discovery

1
T1016

Virtualization/Sandbox Evasion

1
T1497

System Checks

1
T1497.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks