Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

ubuntu.sh

ubuntu-18.04-amd64

6

ubuntu.sh

ubuntu-20.04-amd64

7

ubuntu.sh

ubuntu-22.04-amd64

7

ubuntu.sh

ubuntu-24.04-amd64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ubuntu.sh

  • Size

    608B

  • Sample

    250328-hc2fjssya1

  • MD5

    0a8ecf977231b05a401ca6393d3b7ef8

  • SHA1

    bad37c38b204d8e965e2d58e37920d18266e163c

  • SHA256

    45245cfb80fc049dbf862f7e2e23eebcda2a0d52c8e8ecdcb47a41a4760fd5a9

  • SHA512

    9a6da586643c0c4ea4983c7aacbe2ea68d5ee8b861ea68698d9cb150caf3f1b7e512250bc568c08367d7714b15e5d883c46280b567fdd9f13c0cac56c3f754db

Score
7/10
antivmcredential_accessdefense_evasiondiscoveryexecutionlinuxpersistenceprivilege_escalationstealer

Malware Config

Targets

    • Target

      ubuntu.sh

    • Size

      608B

    • MD5

      0a8ecf977231b05a401ca6393d3b7ef8

    • SHA1

      bad37c38b204d8e965e2d58e37920d18266e163c

    • SHA256

      45245cfb80fc049dbf862f7e2e23eebcda2a0d52c8e8ecdcb47a41a4760fd5a9

    • SHA512

      9a6da586643c0c4ea4983c7aacbe2ea68d5ee8b861ea68698d9cb150caf3f1b7e512250bc568c08367d7714b15e5d883c46280b567fdd9f13c0cac56c3f754db

    Score
    7/10
    defense_evasiondiscoveryprivilege_escalationcredential_accessstealerantivmexecutionpersistence

    • OS Credential Dumping

      Adversaries may attempt to dump credentials to use it in password cracking.

      credential_access

    • Reads EFI boot settings

      Reads EFI boot settings from the efivars filesystem, may contain security secrets or sensitive data.

      stealer

    • Abuse Elevation Control Mechanism: Sudo and Sudo Caching

      Abuse sudo or cached sudo credentials to execute code.

      privilege_escalationdefense_evasion

    • Checks hardware identifiers (DMI)

      Checks DMI information which indicate if the system is a virtual machine.

      antivm

    • Checks mountinfo of local process

      Checks mountinfo of running processes which indicate if it is running in chroot jail.

      antivm

    • Deletes log files

      Deletes log files on the system.

      defense_evasion

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Write file to user bin folder

      persistence

    • Reads process memory

      Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

      credential_access
    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Software Deployment Tools

1
T1072

Persistence

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Sudo and Sudo Caching

1
T1548.003

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Sudo and Sudo Caching

1
T1548.003

Deobfuscate/Decode Files or Information

1
T1140

Indicator Removal

1
T1070

Clear Linux or Mac System Logs

1
T1070.002

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Virtualization/Sandbox Evasion

3
T1497

System Checks

3
T1497.001

Credential Access

OS Credential Dumping

2
T1003

/etc/passwd and /etc/shadow

1
T1003.008

Proc Filesystem

1
T1003.007

Discovery

System Information Discovery

2
T1082

Virtualization/Sandbox Evasion

3
T1497

System Checks

3
T1497.001

Lateral Movement

Software Deployment Tools

1
T1072

Collection

Command and Control

Exfiltration

Impact

Tasks