Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    5dd7489e4d3402d4c9a042cc3b4740c68b98da7a60e5f4f5311fc6d8f7767345

  • Size

    4.1MB

  • Sample

    230605-pycsmsgf57

  • MD5

    c4a58cfdc8d3a60934e159a12182bcf0

  • SHA1

    56bc9f7754667dc2a37528fa475bee7abcac6c33

  • SHA256

    5dd7489e4d3402d4c9a042cc3b4740c68b98da7a60e5f4f5311fc6d8f7767345

  • SHA512

    bfd2210721cf2a804e0a3794f45ec38d4e409424f793e2e0570b811fdd0de6d9aea04660607d15926e383fb946500c1d15312e1052f32f77aadaee9dd7961d4d

  • SSDEEP

    98304:+E/Ca8bubb66TLoMLw1MshEKjhJEeBVxIXDMgHZblZXdPNmI0:86HsLGsSktBDKTnmN

Malware Config

Targets

    • Target

      5dd7489e4d3402d4c9a042cc3b4740c68b98da7a60e5f4f5311fc6d8f7767345

    • Size

      4.1MB

    • MD5

      c4a58cfdc8d3a60934e159a12182bcf0

    • SHA1

      56bc9f7754667dc2a37528fa475bee7abcac6c33

    • SHA256

      5dd7489e4d3402d4c9a042cc3b4740c68b98da7a60e5f4f5311fc6d8f7767345

    • SHA512

      bfd2210721cf2a804e0a3794f45ec38d4e409424f793e2e0570b811fdd0de6d9aea04660607d15926e383fb946500c1d15312e1052f32f77aadaee9dd7961d4d

    • SSDEEP

      98304:+E/Ca8bubb66TLoMLw1MshEKjhJEeBVxIXDMgHZblZXdPNmI0:86HsLGsSktBDKTnmN

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Roottkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks