Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    bf2eb931487038b394805f31e587edae17f86544cc982575db0f39279ab7b40f

  • Size

    4.0MB

  • Sample

    230213-m93r4acc2x

  • MD5

    8ba03b75db3188dadccc3a970255b49c

  • SHA1

    7e66c32cf30c8c1d43bc46b63cf14e6daea55bce

  • SHA256

    bf2eb931487038b394805f31e587edae17f86544cc982575db0f39279ab7b40f

  • SHA512

    841b8cf84881473bea13ec00e31622abf980135da6de6341dd6f06d80afb5a8a65b03b09657fc1b6485e21a9ac2b70865aa382f3915d8626598bdb7c044be738

  • SSDEEP

    49152:B2DhrW4INFN9HYWDUEksBHazfb+Sudew96o8R5aMeaDZnWxqlzBOfQu8vGWq4aaF:MiNtY7EkdVw4o8HaMWxq3Of4+dDiXelS

Malware Config

Targets

    • Target

      bf2eb931487038b394805f31e587edae17f86544cc982575db0f39279ab7b40f

    • Size

      4.0MB

    • MD5

      8ba03b75db3188dadccc3a970255b49c

    • SHA1

      7e66c32cf30c8c1d43bc46b63cf14e6daea55bce

    • SHA256

      bf2eb931487038b394805f31e587edae17f86544cc982575db0f39279ab7b40f

    • SHA512

      841b8cf84881473bea13ec00e31622abf980135da6de6341dd6f06d80afb5a8a65b03b09657fc1b6485e21a9ac2b70865aa382f3915d8626598bdb7c044be738

    • SSDEEP

      49152:B2DhrW4INFN9HYWDUEksBHazfb+Sudew96o8R5aMeaDZnWxqlzBOfQu8vGWq4aaF:MiNtY7EkdVw4o8HaMWxq3Of4+dDiXelS

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Modifies Windows Firewall

    • Executes dropped EXE

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks