General

  • Target

    Goonscript.exe

  • Size

    6.9MB

  • Sample

    240724-bl69tssgld

  • MD5

    8bb727b07bc152ae905f3fb4ac0f2f76

  • SHA1

    e0e5b8de9c0d72cfbcb8f097faa7fe09de17dba8

  • SHA256

    61f681746ed31336dde667f4f68314291712fbb0d0df0f52d4919df5f94da088

  • SHA512

    a05ef5971a9fbeba950425512e699e0cac0873a9b6b2efaae32ee7364bd0d014d3e2bcf698931763f2f06c3567d08987c092bb86d61dea0001bc683572540f0e

  • SSDEEP

    98304:vAdMOtmUfXgtMR/31ppMwuRUS56WkhaYHkBYbUF6Hhsi/+GDRJ0ite5SKHrrMw+z:vUm44BjYHkBmU0sm70qiLLr7bae0vaK1

Targets

    • Target

      Goonscript.exe

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Disables Task Manager via registry modification

    • Possible privilege escalation attempt

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
