Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    d5b977c613148522a517e39a9d663792cc5971d4a4d3955256ea00a2248f0b86

  • Size

    4.1MB

  • Sample

    230517-278mwsgf36

  • MD5

    0dfc4b2e44a9aef07b5f56a763d76020

  • SHA1

    824699a1542c50d1bcd833fe3b3949858d53d3c3

  • SHA256

    d5b977c613148522a517e39a9d663792cc5971d4a4d3955256ea00a2248f0b86

  • SHA512

    5f176027f7ef1b13a0f43993cf55bcf9cfb0cea886e3eaf19a115dadc1c9c10f7fce6931f47af535592bb8b249d97aaa33b4ed176b8a758faa5d6a9844cdc84a

  • SSDEEP

    98304:kDpdbi8p01C814IljdOBeZPgrBO+O/ZLJLVElyEOcmB9:6aL1C86mdOBe4r8//Y6r

Malware Config

Targets

    • Target

      d5b977c613148522a517e39a9d663792cc5971d4a4d3955256ea00a2248f0b86

    • Size

      4.1MB

    • MD5

      0dfc4b2e44a9aef07b5f56a763d76020

    • SHA1

      824699a1542c50d1bcd833fe3b3949858d53d3c3

    • SHA256

      d5b977c613148522a517e39a9d663792cc5971d4a4d3955256ea00a2248f0b86

    • SHA512

      5f176027f7ef1b13a0f43993cf55bcf9cfb0cea886e3eaf19a115dadc1c9c10f7fce6931f47af535592bb8b249d97aaa33b4ed176b8a758faa5d6a9844cdc84a

    • SSDEEP

      98304:kDpdbi8p01C814IljdOBeZPgrBO+O/ZLJLVElyEOcmB9:6aL1C86mdOBe4r8//Y6r

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Windows security bypass

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Roottkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks