General

  • Target

    d04d671861107d45589a22b2ceb2d02fe54c378cd698014e24ac7c718c40c0a1

  • Size

    4.1MB

  • Sample

    230323-bkkz7see5y

  • MD5

    92e57cfea586564113688d4d0583e1dd

  • SHA1

    e364d576e1ff519d74ba0caa29fa706df82f5527

  • SHA256

    d04d671861107d45589a22b2ceb2d02fe54c378cd698014e24ac7c718c40c0a1

  • SHA512

    ae00f79bd7a94c2f2265861f11c805a573032f9339bdfe33d450f9329db5d4b522002dd4f62e62324bd4beb7ed11f5f09f8fc3ee5dec54ca00177d7cde8bf190

  • SSDEEP

    98304:qOvZkWifERBwBvxjcKaTrMwi2GNRp1swkhINlWN6ulhd6:DhkswFFcKUrVi2pweINlWsk/6

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

MITRE ATT&CK Enterprise v6

Tasks