General

  • Target

    fa8ab65c749caba5d25c9396f466cff056904e782cad64386282eb2f98464c3c

  • Size

    4.2MB

  • Sample

    230803-s47rradh83

  • MD5

    5c8dba8fb13508894f2fb31393b0187e

  • SHA1

    6c7ae0190fa6fa7b19cb21940dc5a1e9e49236ca

  • SHA256

    fa8ab65c749caba5d25c9396f466cff056904e782cad64386282eb2f98464c3c

  • SHA512

    b236c0835a7f6ab236c2abe22dc261ffc24fb1c23a2d8beea978aea4fb9f97bd54412c8c90941c644d70bec83efe8268d72959b67be2ac319f1d8aa9173ca54d

  • SSDEEP

    98304:ZHU6+Sn5CsqTqiHVwBaITzpP7PTSvojqwXqjZyh1IBDxW:Z06+IqTqi1wBaOZ7PTEoj/XqwIBD0

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Windows security bypass

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Adds Run key to start application

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks