Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    39e9e5fcf2eb808ebd4d627e66e4a041bf8dd9456d5e2621168361d69804e125

  • Size

    4.2MB

  • Sample

    230318-lle6fsbg94

  • MD5

    a1596dd108deecd3fbf941d40715bd9e

  • SHA1

    2e1e9981ea2e2f19a538f34d7f18401187b17917

  • SHA256

    39e9e5fcf2eb808ebd4d627e66e4a041bf8dd9456d5e2621168361d69804e125

  • SHA512

    ddf4460988b7899149478c95e4d247f2c477739883a3e61f99b37005d753aae4b7e12d30168743b932d72968ac4446a7814f29f07bfe31415322ace6e117b45f

  • SSDEEP

    98304:YRfGpuCYDDVEUYXn42HewTcx1KgzE5K6TSJqUpUH9sltMp:tuVDDVFLoUxz2TSJq8UH9+W

Malware Config

Targets

    • Target

      39e9e5fcf2eb808ebd4d627e66e4a041bf8dd9456d5e2621168361d69804e125

    • Size

      4.2MB

    • MD5

      a1596dd108deecd3fbf941d40715bd9e

    • SHA1

      2e1e9981ea2e2f19a538f34d7f18401187b17917

    • SHA256

      39e9e5fcf2eb808ebd4d627e66e4a041bf8dd9456d5e2621168361d69804e125

    • SHA512

      ddf4460988b7899149478c95e4d247f2c477739883a3e61f99b37005d753aae4b7e12d30168743b932d72968ac4446a7814f29f07bfe31415322ace6e117b45f

    • SSDEEP

      98304:YRfGpuCYDDVEUYXn42HewTcx1KgzE5K6TSJqUpUH9sltMp:tuVDDVFLoUxz2TSJq8UH9+W

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Manipulates WinMonFS driver.

      Roottkits write to WinMonFS to hide directories/files from being detected.

MITRE ATT&CK Enterprise v6

Tasks