General

  • Target

    2a1d1d328b63ae957c6694ffd5c090ab7fc2c776e640d7ab15c6963b7959da43

  • Size

    4.1MB

  • Sample

    221025-a5s1wabbcn

  • MD5

    c2a449136bca877644cd20ebe17a20f6

  • SHA1

    15a3c7e4e8c18687a394e88847c1068cb33cd6d8

  • SHA256

    2a1d1d328b63ae957c6694ffd5c090ab7fc2c776e640d7ab15c6963b7959da43

  • SHA512

    02a344f78fa01643b24690a5f237617b34e1d681f0faddb0023a98ab7e3db88b4462535044a16e671402700f43a075f2d5d4663bfbaa5d94af618f48229d1bb9

  • SSDEEP

    98304:ivkWGAjgnQMWAUDdKZRLg13geyT4YicLMwZPxtdBCQH9n:eGUgQP5DdKZiCf0Y/MQZtdBj

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Windows security bypass

    • Executes dropped EXE

    • Modifies Windows Firewall

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks