Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
697059366f473ac32a9d77d08e864c3027a6133960c2512db2f458d5a7a47d94.sh
-
Size
15KB
-
Sample
250224-dgkw5szps4
-
MD5
fd54f40513116a2f111996ee71c6a487
-
SHA1
76392a5b9c92fd5e72df4ba1d2baf0d9576a1e38
-
SHA256
697059366f473ac32a9d77d08e864c3027a6133960c2512db2f458d5a7a47d94
-
SHA512
3f1fb173b3050f8f5e065710200b3192e84661048464130d3c78778552f46bf4113f6731dd79b7dcf5c45d5064522e2805c18ebff04c18785d7f42ef9f0132b5
-
SSDEEP
384:r5JxgzLuqlH2wx2vUaQa5/eN86704s80ooJQYgykWT4yCtvUsDjdWOoJwt:trgXux7YJDj8OoJwt
Malware Config
Targets
-
-
Target
697059366f473ac32a9d77d08e864c3027a6133960c2512db2f458d5a7a47d94.sh
-
Size
15KB
-
MD5
fd54f40513116a2f111996ee71c6a487
-
SHA1
76392a5b9c92fd5e72df4ba1d2baf0d9576a1e38
-
SHA256
697059366f473ac32a9d77d08e864c3027a6133960c2512db2f458d5a7a47d94
-
SHA512
3f1fb173b3050f8f5e065710200b3192e84661048464130d3c78778552f46bf4113f6731dd79b7dcf5c45d5064522e2805c18ebff04c18785d7f42ef9f0132b5
-
SSDEEP
384:r5JxgzLuqlH2wx2vUaQa5/eN86704s80ooJQYgykWT4yCtvUsDjdWOoJwt:trgXux7YJDj8OoJwt
Score10/10-
Kinsing
Kinsing is a loader written in Golang.
-
Kinsing Rootkit
Rootkit reuses the publicly available BEURK rootkit.
-
Kinsing Rootkit payload
-
Kinsing family
-
Kinsing payload
-
Kinsing_rootkit family
-
Modifies the dynamic linker configuration file
Malware can modify the configuration file of the dynamic linker to preload malicous libraries with every executed process.
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Flushes firewall rules
Flushes/ disables firewall rules inside the Linux kernel.
-
Loads a kernel module
Loads a Linux kernel module, potentially to achieve persistence
-
Abuse Elevation Control Mechanism: Sudo and Sudo Caching
Abuse sudo or cached sudo credentials to execute code.
-
Attempts to change immutable files
Modifies inode attributes on the filesystem to allow changing of immutable files.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Modifies systemd
Adds/ modifies systemd service files. Likely to achieve persistence.
-
Reads list of loaded kernel modules
Reads the list of currently loaded kernel modules, possibly to detect virtual environments.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1XDG Autostart Entries
1Create or Modify System Process
1Systemd Service
1Hijack Execution Flow
1Dynamic Linker Hijacking
1Scheduled Task/Job
1Cron
1Privilege Escalation
Abuse Elevation Control Mechanism
1Sudo and Sudo Caching
1Boot or Logon Autostart Execution
1XDG Autostart Entries
1Create or Modify System Process
1Systemd Service
1Hijack Execution Flow
1Dynamic Linker Hijacking
1Scheduled Task/Job
1Cron
1Defense Evasion
Abuse Elevation Control Mechanism
1Sudo and Sudo Caching
1File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Hijack Execution Flow
1Dynamic Linker Hijacking
1Impair Defenses
1Disable or Modify System Firewall
1Virtualization/Sandbox Evasion
2System Checks
1