General

  • Target

    arm6.elf

  • Size

    116KB

  • Sample

    250328-eh8v2atms5

  • MD5

    6c04e05f915c597955f76bbb94cb86b7

  • SHA1

    275158212364f282a2c77ded085607090a25e08e

  • SHA256

    70871aedab0f9d4f5da309709738ed89fc6e0461457f2a3812c9a6d91ac73168

  • SHA512

    642124378333756291599d15a9465d78d328df279f9ff71865eb192d71b7b982e0d8007646951637cbaafdc069b3231998357c9e8ea60db9897264096f69abbc

  • SSDEEP

    3072:fBmKyo0CgHtFdRtoH0skJkZaWL4YuBRBG6f3ON1LknQ/:fBmKyo0CgHtFdH4qJ7W/IRBhf61L

Targets

    • Target

      arm6.elf

    • Contacts a large (29524) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Renames itself

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Reads process memory

      Reads the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
