General

  • Target

    gootloader_payload.js

  • Size

    507KB

  • Sample

    220906-p4cd3aacfn

  • MD5

    87da4e714b2536ff087610bd1d85973f

  • SHA1

    e13af717e348ec5991c8f9a5bcd97fb81c5bb011

  • SHA256

    be3da69303ecce036c309478131c3bfdc6bc2ce37a2cfd8833fd13cf0413f333

  • SHA512

    c3043ad057269896a95881997a0807470ab5ff6e12ca8c4e5481749196064959efea292a2a6d25f3ff69a6623c6731adf939989144021e4e768aa3acd3fea7e1

  • SSDEEP

    6144:D7TnJm/x24+NeRdwDVPcPJwSXYlS9/kN5EJ1aKA5n9SKQoulUIoMoCVca:D7TE/xH+wRdwRPiMmkNzKABAJ1lUeVca

Targets

    • Target

      gootloader_payload.js

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.
