Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    973243366f5d2ec8222bdc9c7a1411bb6d1e53cca743d53b043594102d1a520a

  • Size

    4.2MB

  • Sample

    230722-16282sda3s

  • MD5

    3d57ee338f600dc36a9d09fd128549b3

  • SHA1

    3e4590f5a439c833affb35add9707b0c4a6a46a1

  • SHA256

    973243366f5d2ec8222bdc9c7a1411bb6d1e53cca743d53b043594102d1a520a

  • SHA512

    32eaf0eda8ab5e3db3a070f3a30f6317dee4ba2e43c744aa6d946da18ba5404ec4bce414b3dc2f3f92e7cb60e3942d5aa47f48c2131aa6015f939144238e4484

  • SSDEEP

    98304:/Ng1CHugjIZ0jT38FApL1eDF4Lq/GbT62j1n3oZrON8cZ/:y1BgMZaT3rpBOUq/GbT62toZSN8Q/

Malware Config

Targets

    • Target

      973243366f5d2ec8222bdc9c7a1411bb6d1e53cca743d53b043594102d1a520a

    • Size

      4.2MB

    • MD5

      3d57ee338f600dc36a9d09fd128549b3

    • SHA1

      3e4590f5a439c833affb35add9707b0c4a6a46a1

    • SHA256

      973243366f5d2ec8222bdc9c7a1411bb6d1e53cca743d53b043594102d1a520a

    • SHA512

      32eaf0eda8ab5e3db3a070f3a30f6317dee4ba2e43c744aa6d946da18ba5404ec4bce414b3dc2f3f92e7cb60e3942d5aa47f48c2131aa6015f939144238e4484

    • SSDEEP

      98304:/Ng1CHugjIZ0jT38FApL1eDF4Lq/GbT62j1n3oZrON8cZ/:y1BgMZaT3rpBOUq/GbT62toZSN8Q/

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Windows security bypass

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Roottkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks