General

  • Target

    23ba3de77a14e437f3d4ceaba711474ec0d3c9074d5c414f4b5a8c25041cd4ed

  • Size

    4.1MB

  • Sample

    230306-t7mfnacg6z

  • MD5

    898675e4d8541a43b10d356aa68076dc

  • SHA1

    3d121f08ffdd84d4144473726596bef6a4e107c8

  • SHA256

    23ba3de77a14e437f3d4ceaba711474ec0d3c9074d5c414f4b5a8c25041cd4ed

  • SHA512

    b877a78930f1cf748bd7b0e6fd8e8f57546843203a1e5a5c0ac55b8d688cb8aba3e2ed76da73e4095b835584721a07e757fa88cf939f2b46a63b65ddf124b026

  • SSDEEP

    98304:YsNdTTRx1jUsbNDzMLzrlDTE1e+B+jirSE0/52ykFUu:YMRx1V52zrlDqe+Wir90/wtUu

Targets

    • Target

      23ba3de77a14e437f3d4ceaba711474ec0d3c9074d5c414f4b5a8c25041cd4ed

    • Size

      4.1MB

    • MD5

      898675e4d8541a43b10d356aa68076dc

    • SHA1

      3d121f08ffdd84d4144473726596bef6a4e107c8

    • SHA256

      23ba3de77a14e437f3d4ceaba711474ec0d3c9074d5c414f4b5a8c25041cd4ed

    • SHA512

      b877a78930f1cf748bd7b0e6fd8e8f57546843203a1e5a5c0ac55b8d688cb8aba3e2ed76da73e4095b835584721a07e757fa88cf939f2b46a63b65ddf124b026

    • SSDEEP

      98304:YsNdTTRx1jUsbNDzMLzrlDTE1e+B+jirSE0/52ykFUu:YMRx1V52zrlDqe+Wir90/wtUu

    • Glupteba

      Glupteba is a modular loader written in Go that delivers various components as separate payloads.

    • Glupteba payload

    • Windows security bypass

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or with a modified UPX build.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Reads the Uninstall key entries in the registry to enumerate the software installed on the system.

    • Manipulates the WinMonFS driver

      Rootkits write to WinMonFS to hide directories and files from detection.
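As an added example (not code from the report or from Triage's signature engine), the UPX / modified-UPX check described in the "UPX packed file" entry above can be implemented with a minimal PE section-table parser. Stock UPX is recognised by its `UPX0`/`UPX1` section names or the `UPX!` marker; a modified build that renames the sections is caught by the layout it keeps: a first section with a large VirtualSize and zero raw bytes (the unpacking destination) followed by a writable, executable section holding the packed blob. The sample images are constructed inline (headers only, no real code) and the flag values are standard `IMAGE_SCN_*` constants.

```python
"""Added example, not from the Triage report: a minimal PE section-table
parser used to implement the UPX / modified-UPX check. Sample images are
constructed inline (headers only, no real code)."""
import struct

UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", "UPX3"}
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def pe_sections(data):
    """Return [(name, VirtualSize, SizeOfRawData, Characteristics)] from a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # COFF file header
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size                          # section table follows the optional header
    sections = []
    for i in range(num_sections):
        name, vsize, _vaddr, rsize, _raddr, *_, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, table + 40 * i)
        sections.append((name.rstrip(b"\0").decode("latin-1"), vsize, rsize, flags))
    return sections


def classify_upx(data):
    """'upx' for stock UPX, 'upx-modified' for the renamed-section variant, else 'none'."""
    sections = pe_sections(data)
    if any(s[0] in UPX_SECTION_NAMES for s in sections) or b"UPX!" in data:
        return "upx"
    # Modified UPX builds rename the sections but keep the layout: the first
    # section is the unpacking destination (large VirtualSize, zero raw bytes)
    # and the second holds the packed blob in a writable+executable section.
    if len(sections) >= 2:
        _n0, vsize0, rsize0, _f0 = sections[0]
        _n1, _vsize1, rsize1, flags1 = sections[1]
        wx = IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE
        if rsize0 == 0 and vsize0 > 0 and rsize1 > 0 and (flags1 & wx) == wx:
            return "upx-modified"
    return "none"


def build_pe(sections):
    """Constructed PE32 image with only headers, for the demo (not a real binary)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)          # e_lfanew = 64
    opt_size = 224                                            # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)   # PE32 magic, rest zeroed
    table, vaddr, raddr = b"", 0x1000, 0x400
    for name, vsize, rsize, flags in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode("ascii"),
                             vsize, vaddr, rsize, raddr, 0, 0, 0, 0, flags)
        vaddr += (vsize + 0xFFF) & ~0xFFF
        raddr += rsize
    return dos + b"PE\0\0" + coff + opt + table


# Constructed samples: stock UPX, renamed-section UPX, and an unpacked binary.
STOCK_UPX = build_pe([("UPX0", 0x30000, 0, 0xE0000080),
                      ("UPX1", 0x10000, 0xF000, 0xE0000040),
                      (".rsrc", 0x1000, 0x800, 0xC0000040)])
RENAMED_UPX = build_pe([(".text", 0x30000, 0, 0xE0000080),
                        (".data", 0x10000, 0xF000, 0xE0000040),
                        (".rsrc", 0x1000, 0x800, 0xC0000040)])
PLAIN = build_pe([(".text", 0x1000, 0x1000, 0x60000020),
                  (".data", 0x200, 0x200, 0xC0000040)])

if __name__ == "__main__":
    for label, img in (("stock", STOCK_UPX), ("renamed", RENAMED_UPX), ("plain", PLAIN)):
        print(label, pe_sections(img), classify_upx(img))
```

The layout heuristic is deliberately narrow: a legitimate binary with a zero-raw-size `.bss`-style first section followed by a W+X section is rare, but it is possible, so treat `upx-modified` as a prompt to unpack and inspect rather than as a verdict on its own.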

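As an added example (not part of the report, and not Triage's own signature code), the Run-key persistence, Uninstall-key enumeration, WinMonFS manipulation and firewall-modification behaviours listed above expressed as detection logic over constructed Procmon-style events. The event shape, the `netsh advfirewall` command line, the `\\.\WinMonFS` device path and the three-entry threshold for the software-enumeration rule are assumptions made for illustration; the report itself does not say which API calls triggered each signature.

```python
"""Added example, not from the Triage report: toy detection rules for the
registry, driver and firewall behaviours named in the signature list,
run over constructed Procmon-style events."""
import re
from collections import defaultdict

# Constructed events (not from the report): one malicious process (pid 4120)
# plus a benign installer that reads a single Uninstall entry.
SAMPLE_EVENTS = [
    {"op": "RegSetValue", "pid": 4120, "image": "svc.exe",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc",
     "detail": r"C:\Users\user\AppData\Roaming\svc.exe"},
    {"op": "RegQueryValue", "pid": 4120, "image": "svc.exe",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName",
     "detail": ""},
    {"op": "RegQueryValue", "pid": 4120, "image": "svc.exe",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName",
     "detail": ""},
    {"op": "RegQueryValue", "pid": 4120, "image": "svc.exe",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player\DisplayName",
     "detail": ""},
    {"op": "WriteFile", "pid": 4120, "image": "svc.exe",
     "path": r"\\.\WinMonFS", "detail": "Length: 512"},           # assumed device path
    {"op": "Process Create", "pid": 4120, "image": "svc.exe",
     "path": r"C:\Windows\System32\netsh.exe",
     "detail": r'netsh advfirewall firewall add rule name="svc" dir=in action=allow '
               r'program="C:\Users\user\AppData\Roaming\svc.exe"'},
    {"op": "RegQueryValue", "pid": 2200, "image": "msiexec.exe",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A0B2C4D}\DisplayName",
     "detail": ""},
]

RUN_KEY = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.I)
UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall\\([^\\]+)", re.I)
WINMONFS = re.compile(r"(\\\\\.\\|\\Device\\)WinMonFS", re.I)   # assumption: device path
NETSH_FW = re.compile(r"\bnetsh(\.exe)?\s+(advfirewall\s+)?firewall\b", re.I)
FW_POLICY = re.compile(r"\\SharedAccess\\Parameters\\FirewallPolicy\\", re.I)

# Installers and update agents legitimately read a few Uninstall entries;
# a process walking many distinct subkeys looks like inventory gathering.
UNINSTALL_MIN_ENTRIES = 3


def detect(events):
    """Return [(signature, pid, evidence)] for the events that match a rule."""
    hits = []
    uninstall_seen = defaultdict(set)
    for ev in events:
        op, pid, path, detail = ev["op"], ev["pid"], ev["path"], ev["detail"]
        if op == "RegSetValue" and RUN_KEY.search(path):
            hits.append(("Adds Run key to start application", pid, f"{path} = {detail}"))
        if op in ("RegQueryValue", "RegOpenKey", "RegEnumKey"):
            m = UNINSTALL_KEY.search(path)
            if m:
                uninstall_seen[pid].add(m.group(1))
        if op in ("WriteFile", "DeviceIoControl", "CreateFile") and WINMONFS.search(path):
            hits.append(("Manipulates the WinMonFS driver", pid, f"{op} {path}"))
        if (op == "Process Create" and NETSH_FW.search(detail)) or \
           (op == "RegSetValue" and FW_POLICY.search(path)):
            hits.append(("Modifies Windows Firewall", pid, detail or path))
    for pid, entries in uninstall_seen.items():
        if len(entries) >= UNINSTALL_MIN_ENTRIES:
            hits.append(("Checks installed software on the system", pid,
                         f"{len(entries)} distinct Uninstall subkeys read"))
    return hits


if __name__ == "__main__":
    for sig, pid, evidence in detect(SAMPLE_EVENTS):
        print(f"[pid {pid}] {sig}: {evidence}")
```

The Uninstall rule is the one most likely to fire on benign software, which is why it counts distinct subkeys per process instead of alerting on the first read; the other three rules match on a single event because a Run-key write, a write to the WinMonFS device, or a `netsh ... firewall` invocation from a user-profile binary is already worth a look.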