
General

  • Target

    e195a3f86c683a169a8957b0c7b5753be92a3d15054965372416a78957c71d11

  • Size

    4.2MB

  • Sample

    230509-p5aa4ahg8x

  • MD5

    4001a5f90ce6d981e533599ef6db0b0b

  • SHA1

    7b682640b40176880f225c3e336064432ac34eaa

  • SHA256

    e195a3f86c683a169a8957b0c7b5753be92a3d15054965372416a78957c71d11

  • SHA512

    485ddd46e14a8e9bb47e12e39144db77524977c24d73f00c773edb8fa4c6fc8b8c7c1c3b6c8e0b27fda6ed9d637af0ef3d2d7b8d7b7b19ad6dd7d98205cba8ed

  • SSDEEP

    98304:JkaTEaGo2ns1iQCCbUKMTl2/5MXDOk0ymOMEG5JwRQLq05s98QXl:vTE/s1QCbUF2/gbmVj/LqgQ1

Malware Config

Targets

    • Target

      e195a3f86c683a169a8957b0c7b5753be92a3d15054965372416a78957c71d11

    • Size

      4.2MB

    • MD5

      4001a5f90ce6d981e533599ef6db0b0b

    • SHA1

      7b682640b40176880f225c3e336064432ac34eaa

    • SHA256

      e195a3f86c683a169a8957b0c7b5753be92a3d15054965372416a78957c71d11

    • SHA512

      485ddd46e14a8e9bb47e12e39144db77524977c24d73f00c773edb8fa4c6fc8b8c7c1c3b6c8e0b27fda6ed9d637af0ef3d2d7b8d7b7b19ad6dd7d98205cba8ed

    • SSDEEP

      98304:JkaTEaGo2ns1iQCCbUKMTl2/5MXDOk0ymOMEG5JwRQLq05s98QXl:vTE/s1QCbUF2/gbmVj/LqgQ1

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to the WinMonFS driver to hide directories and files from being detected.

    • Drops file in System32 directory
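The behaviour signatures above are what the sandbox reports for this sample, not how it detects them. The following is an added example, not Triage's own code, showing how the same seven behaviours can be matched against host telemetry with a small stateful rule set replayed over Sysmon-style events. The event records, file paths, the netsh command line and the `\\.\WinMonFS` device name are constructed assumptions for illustration, not artifacts observed from this sample.

```python
import ntpath
import re
from typing import Dict, List, Set

# Constructed Sysmon-style events (not real telemetry from this sample). Each
# dict carries only the fields the rules below need; every path, file name and
# command line is an assumption chosen to exercise one signature.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"type": "file_create", "path": r"C:\ProgramData\Updater\updater.exe"},
    {"type": "file_create", "path": r"C:\Windows\System32\drivers\WinMonFS.sys"},
    {"type": "file_create", "path": r"C:\Users\user\AppData\Local\Temp\helper.dll"},
    {"type": "process_create", "image": r"C:\ProgramData\Updater\updater.exe",
     "cmdline": r"C:\ProgramData\Updater\updater.exe"},
    {"type": "image_load", "path": r"C:\Users\user\AppData\Local\Temp\helper.dll"},
    {"type": "process_create", "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": 'netsh advfirewall firewall add rule name="Updater" dir=in '
                'action=allow program="C:\\ProgramData\\Updater\\updater.exe"'},
    {"type": "registry_set",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater",
     "value": r"C:\ProgramData\Updater\updater.exe"},
    {"type": "registry_query",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SomeApp\DisplayName"},
    {"type": "file_open", "path": r"\\.\WinMonFS"},
    # Benign noise that must not match any rule.
    {"type": "registry_query",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"},
]

# Patterns for the stateless rules. Key names are matched case-insensitively
# because registry paths are case-insensitive on Windows.
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall\\", re.IGNORECASE)
FIREWALL_CMD = re.compile(r"\badvfirewall\b.*\b(add|set|delete)\b\s+rule", re.IGNORECASE)
WINMON_DEVICE = re.compile(r"^\\\\\.\\WinMon(FS)?$", re.IGNORECASE)  # device name assumed
SYSTEM32_DIR = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.IGNORECASE)


def triage(events: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Replay events in order and return {signature name: [evidence, ...]}.

    The two 'dropped' rules are stateful: a process start or image load only
    counts if the same path was written by an earlier file_create event, so a
    pre-existing binary starting up does not trigger them.
    """
    hits: Dict[str, List[str]] = {}
    dropped: Set[str] = set()

    def hit(signature: str, evidence: str) -> None:
        hits.setdefault(signature, []).append(evidence)

    for ev in events:
        kind = ev["type"]
        if kind == "file_create":
            path = ev["path"]
            dropped.add(path.lower())
            if SYSTEM32_DIR.match(path):
                hit("Drops file in System32 directory", path)
        elif kind == "process_create":
            image = ev["image"]
            cmdline = ev.get("cmdline", "")
            if image.lower() in dropped and image.lower().endswith(".exe"):
                hit("Executes dropped EXE", image)
            if ntpath.basename(image).lower() == "netsh.exe" and FIREWALL_CMD.search(cmdline):
                hit("Modifies Windows Firewall", cmdline)
        elif kind == "image_load":
            path = ev["path"]
            if path.lower() in dropped and path.lower().endswith(".dll"):
                hit("Loads dropped DLL", path)
        elif kind == "registry_set":
            if RUN_KEY.search(ev["key"]):
                hit("Adds Run key to start application", f'{ev["key"]} = {ev.get("value", "")}')
        elif kind == "registry_query":
            if UNINSTALL_KEY.search(ev["key"]):
                hit("Checks installed software on the system", ev["key"])
        elif kind == "file_open":
            if WINMON_DEVICE.match(ev["path"]):
                hit("Manipulates WinMonFS driver", ev["path"])
    return hits


if __name__ == "__main__":
    for signature, evidence in triage(SAMPLE_EVENTS).items():
        print(f"[+] {signature}")
        for item in evidence:
            print(f"      {item}")
```

Ordering matters: the dropped-file rules depend on seeing the file_create before the process_create or image_load, so feed events sorted by timestamp. The Uninstall-key rule on its own is noisy (installers and update agents read those keys legitimately); in practice it is only worth raising alongside the other hits, as the report above does.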

MITRE ATT&CK Enterprise v6

Tasks