Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    447954416e957bd6f8298ffe883e5860e0baf45dc3d39274b107905aff43e950

  • Size

    4.0MB

  • Sample

    230314-q9ypxsff66

  • MD5

    0102ecbc4af83383ab21af82c9fc0953

  • SHA1

    e3874ee162f4fbe42bd090baf887a0b2a3475609

  • SHA256

    447954416e957bd6f8298ffe883e5860e0baf45dc3d39274b107905aff43e950

  • SHA512

    d2acb187d0a0adc70ad59901752b5be372cb60d65e36dd34fa4c60ca0101e5106906e4aea5597325c55aaccd1c814e98a0a9ec13fbe77f0f85f8ea8e2211f5db

  • SSDEEP

    98304:c62PUm5I+VJq9CdIsXg8x3LTgFjhnoV+X7WNCkNNE2:cD955J+GIsQ8x7TgjoM2NE2

Malware Config

Targets

    • Target

      447954416e957bd6f8298ffe883e5860e0baf45dc3d39274b107905aff43e950

    • Size

      4.0MB

    • MD5

      0102ecbc4af83383ab21af82c9fc0953

    • SHA1

      e3874ee162f4fbe42bd090baf887a0b2a3475609

    • SHA256

      447954416e957bd6f8298ffe883e5860e0baf45dc3d39274b107905aff43e950

    • SHA512

      d2acb187d0a0adc70ad59901752b5be372cb60d65e36dd34fa4c60ca0101e5106906e4aea5597325c55aaccd1c814e98a0a9ec13fbe77f0f85f8ea8e2211f5db

    • SSDEEP

      98304:c62PUm5I+VJq9CdIsXg8x3LTgFjhnoV+X7WNCkNNE2:cD955J+GIsQ8x7TgjoM2NE2

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Windows security bypass

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Roottkits write to WinMonFS to hide directories/files from being detected.

MITRE ATT&CK Enterprise v6

Tasks