Analysis

  • max time kernel
    3s
  • max time network
    134s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20231215-en
  • resource tags
    arch:amd64 arch:i386 image:ubuntu1804-amd64-20231215-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system
  • submitted
    22/12/2023, 13:21 UTC

General

  • Target

    gosh/secure

  • Size

    197B

  • MD5

    39acbfc1e983e45308cdab2d3ec4bf34

  • SHA1

    f8f712474d0c1e80126f8fc91e9ffd819f7d7f45

  • SHA256

    b7bfce3e886608199e7dd31bcd4af0d84eaa90267e45273278e8826dfa993133

  • SHA512

    e1f6782e1130deb6dd27e922e663136e0896747819c853750b237d2dd18e1951e4796c65bdc3bd4e77974afe8880a8309e495440abde920a5f9f6b40bc7512b6

Score
3/10

Malware Config

Signatures

  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/gosh/secure
    /tmp/gosh/secure
    1⤵
      PID:1529
      • /usr/bin/whoami
        whoami
        2⤵
          PID:1530
        • /bin/chmod
          chmod -x /usr/bin/mail
          2⤵
            PID:1531
          • /bin/mv
            mv /usr/bin/mail /usr/bin/s8
            2⤵
            • Reads runtime system information
            PID:1532

        Network

        • flag-us
          DNS
          cdn.fwupd.org
          Remote address:
          1.1.1.1:53
          Request
          cdn.fwupd.org
          IN A
          Response
          cdn.fwupd.org
          IN CNAME
          dualstack.p2.shared.global.fastly.net
          dualstack.p2.shared.global.fastly.net
          IN A
          151.101.2.49
          dualstack.p2.shared.global.fastly.net
          IN A
          151.101.194.49
          dualstack.p2.shared.global.fastly.net
          IN A
          151.101.66.49
          dualstack.p2.shared.global.fastly.net
          IN A
          151.101.130.49
        • flag-us
          DNS
          cdn.fwupd.org
          Remote address:
          1.1.1.1:53
          Request
          cdn.fwupd.org
          IN AAAA
          Response
          cdn.fwupd.org
          IN CNAME
          dualstack.p2.shared.global.fastly.net
          dualstack.p2.shared.global.fastly.net
          IN AAAA
          2a04:4e42:400::561
          dualstack.p2.shared.global.fastly.net
          IN AAAA
          2a04:4e42:600::561
          dualstack.p2.shared.global.fastly.net
          IN AAAA
          2a04:4e42::561
          dualstack.p2.shared.global.fastly.net
          IN AAAA
          2a04:4e42:200::561
        • flag-us
          DNS
          1527653184.rsc.cdn77.org
          Remote address:
          1.1.1.1:53
          Request
          1527653184.rsc.cdn77.org
          IN A
          Response
          1527653184.rsc.cdn77.org
          IN A
          195.181.164.18
          1527653184.rsc.cdn77.org
          IN A
          89.187.167.7
        • flag-us
          DNS
          1527653184.rsc.cdn77.org
          Remote address:
          1.1.1.1:53
          Request
          1527653184.rsc.cdn77.org
          IN AAAA
          Response
          1527653184.rsc.cdn77.org
          IN AAAA
          2a02:6ea0:ca00::3
          1527653184.rsc.cdn77.org
          IN AAAA
          2a02:6ea0:ca00::4
        • 151.101.194.49:443
          tls
          127 B
          40 B
          2
          1
        • 151.101.129.91:443
          tls
          127 B
          40 B
          2
          1
        • 195.181.164.14:443
          tls
          851 B
          11
        • 185.125.188.62:443
          tls
          135 B
          2
        • 185.125.188.61:443
          tls
          135 B
          2
        • 151.101.130.49:443
          cdn.fwupd.org
          tls
          14.4kB
          1.0MB
          235
          768
        • 151.101.129.91:443
          extensions.gnome.org
          tls
          5.2kB
          224.5kB
          89
          179
        • 195.181.164.18:443
          odrs.gnome.org
          tls
          17.2kB
          1.6MB
          319
          1167
        • 224.0.0.251:5353
          146 B
          2
        • 1.1.1.1:53
          cdn.fwupd.org
          dns
          70 B
          185 B
          1
          1

          DNS Request

          cdn.fwupd.org

          DNS Response

          151.101.2.49
          151.101.194.49
          151.101.66.49
          151.101.130.49

        • 1.1.1.1:53
          cdn.fwupd.org
          dns
          70 B
          233 B
          1
          1

          DNS Request

          cdn.fwupd.org

          DNS Response

          2a04:4e42:400::561
          2a04:4e42:600::561
          2a04:4e42::561
          2a04:4e42:200::561

        • 1.1.1.1:53
          1527653184.rsc.cdn77.org
          dns
          81 B
          113 B
          1
          1

          DNS Request

          1527653184.rsc.cdn77.org

          DNS Response

          195.181.164.18
          89.187.167.7

        • 1.1.1.1:53
          1527653184.rsc.cdn77.org
          dns
          81 B
          137 B
          1
          1

          DNS Request

          1527653184.rsc.cdn77.org

          DNS Response

          2a02:6ea0:ca00::3
          2a02:6ea0:ca00::4
