General

  • Target

    8b3cf889e354dbfbdf735f6068642cac7c25aa2de9ac16a387191870c5d526f8

  • Size

    4.2MB

  • Sample

    230529-ld9ebsba35

  • MD5

    8d0b8f43b2ffb6522410fe96919c815a

  • SHA1

    3958cccac8d92ad681d75a39a72227447f59cb0e

  • SHA256

    8b3cf889e354dbfbdf735f6068642cac7c25aa2de9ac16a387191870c5d526f8

  • SHA512

    75df7c645e92f7820439e0f1597603488c0cc61759cb45a5436adf8451759466752737d13bf4e9dc5e50afaa04d1e5a9e0c23711e960763b6df7ef70a440495f

  • SSDEEP

    98304:n2FCBFlwInBnvoxMm3AMa/Fuiv5xCkjo1bUaPD+:osTxn1oCMqCkjo1IaPC

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Windows security bypass

    • Modifies Windows Firewall

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks