General

  • Target

    GOG_Galaxy_Ghostrunner.exe

  • Size

    498KB

  • Sample

    230531-catd9scg9w

  • MD5

    7637e6a3ec95ffee2d83689f200c3015

  • SHA1

    bb99cf1cf097e5b58c9b68629ab58fb491441f91

  • SHA256

    d59371c88cd287e0e9704ca0a39bfbb1a5436312d253ccee407d7e3e1c628906

  • SHA512

    5d6e7245c6dcaae6aa244a2d26a51587f1f0fd1a92a96f83d1e19f67e4e9516d04a81abff258eb40206eeab9eb46378f9743ba02d5fbeb4e8a5bf7f06fb5a4ab

  • SSDEEP

    12288:X/Qgxsoz8Og3FPb5kBCpDGRlvDKAB2sPaVeOx:v4TDFP3o/vDKKFPaJ

Malware Config

Targets

    • Target

      GOG_Galaxy_Ghostrunner.exe

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks