General

  • Target

    e003f5133933305a0ab7adc2c57d95c10b085171dc0cc5487e9393b755ef5b82

  • Size

    4.2MB

  • Sample

    221206-qttq2afb81

  • MD5

    484db134818ee3052d2cfd4da53f6151

  • SHA1

    d22a4ed1c686c7729ed5b2c702ab8546b2842ff4

  • SHA256

    e003f5133933305a0ab7adc2c57d95c10b085171dc0cc5487e9393b755ef5b82

  • SHA512

    b3d8a70828bbbc2f422d1cf18c5352fdb22404a74d9a0d72057dc054be104174225c55c3f8fa8b7dcb3a5f0e6c57a52570fecd94907d16119e6b906fbd70e7f6

  • SSDEEP

    98304:MivlaRKQfEZ8rGCcIK68KD3JvwXv1//2/QatU9WbPKCN4RCXb:llcq8rG9IB8KDZ4fJ/5X9WbiCyCr

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2
