Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

gosh/a

ubuntu-18.04-amd64

7

gosh/a

debian-9-armhf

7

gosh/a

debian-9-mips

7

gosh/a

debian-9-mipsel

7

gosh/gen-pass.sh

ubuntu-18.04-amd64

1

gosh/gen-pass.sh

debian-9-armhf

1

gosh/gen-pass.sh

debian-9-mips

1

gosh/gen-pass.sh

debian-9-mipsel

1

gosh/hpiod

ubuntu-18.04-amd64

1

gosh/pico

ubuntu-18.04-amd64

gosh/pscan2

ubuntu-18.04-amd64

gosh/screen

ubuntu-18.04-amd64

7

gosh/screen

debian-9-armhf

7

gosh/screen

debian-9-mips

7

gosh/screen

debian-9-mipsel

7

gosh/secure

ubuntu-18.04-amd64

gosh/secure

debian-9-armhf

gosh/secure

debian-9-mips

gosh/secure

debian-9-mipsel

gosh/ss

ubuntu-18.04-amd64

1

Analysis

  • max time kernel
    135s
  • max time network
    157s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20231215-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20231215-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    22/12/2023, 02:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    gosh/a

  • Size

    276B

  • MD5

    ed0623474bb93d1f820b04d8582c24e6

  • SHA1

    55d2d7da87c67f98004573bca4bb000f9b3e7436

  • SHA256

    836366ac82a737ab916efe9a27ae428b157535f535ac2917fd7afc948aa54df5

  • SHA512

    c894872ec37aa1ae444ce6401f3fe9f66596674eacf1fd5bfcc69b6cbc4e74738d532be95e2952b6bdd71e243e876ad8c60f0e469af0045deb932002f6eb23ce

Score
7/10

Malware Config

Signatures

  • Changes its process name 4 IoCs
  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/gosh/a
    /tmp/gosh/a
    1⤵
      PID:1536
      • /usr/bin/clear
        clear
        2⤵
          PID:1537
        • /usr/bin/perl
          perl screen
          2⤵
          • Changes its process name
          PID:1538
        • /usr/bin/perl
          perl screen
          2⤵
          • Changes its process name
          PID:1543
        • /usr/bin/perl
          perl screen
          2⤵
          • Changes its process name
          PID:1545
        • /usr/bin/perl
          perl screen
          2⤵
          • Changes its process name
          PID:1547
        • /bin/rm
          rm -rf .pscan.22
          2⤵
            PID:1549
          • /tmp/gosh/pscan2
            ./pscan2 22
            2⤵
              PID:1550
            • /bin/sleep
              sleep 5
              2⤵
                PID:1551
              • /bin/cat
                cat .pscan.22
                2⤵
                  PID:1552
                • /usr/bin/sort
                  sort
                  2⤵
                    PID:1553
                  • /usr/bin/uniq
                    uniq
                    2⤵
                      PID:1554
                    • /bin/grep
                      grep -c . mfu.txt
                      2⤵
                        PID:1555
                      • /bin/sleep
                        sleep 5
                        2⤵
                          PID:1556
                        • /tmp/gosh/hpiod
                          ./hpiod 75
                          2⤵
                            PID:1561

                        Network

                        MITRE ATT&CK Matrix

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads