Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    e93899dc72af897967ac4eb6eeca74a61684544bf5ce384506d865b4d67a1014

  • Size

    4.2MB

  • Sample

    230804-fqvh2sag3v

  • MD5

    9e034c3dcf59af270ce011de6015383e

  • SHA1

    c16452f07dab0c52522bd36ace6f86b9b8abce4a

  • SHA256

    e93899dc72af897967ac4eb6eeca74a61684544bf5ce384506d865b4d67a1014

  • SHA512

    3c4bae3776da3f8eff1a5fdca4e4d7c59a4b7e261b29a8b6b1d66b4af9bd097998e4558ba217a411d2b96a475b978974c5f020c4c515d0961e70bbcf558e4b81

  • SSDEEP

    98304:0JRdPqRVNzfxhpmCltJfXHrByOEDlImIiOhKN:0ndeVRltxAZlgB0

Malware Config

Targets

    • Target

      e93899dc72af897967ac4eb6eeca74a61684544bf5ce384506d865b4d67a1014

    • Size

      4.2MB

    • MD5

      9e034c3dcf59af270ce011de6015383e

    • SHA1

      c16452f07dab0c52522bd36ace6f86b9b8abce4a

    • SHA256

      e93899dc72af897967ac4eb6eeca74a61684544bf5ce384506d865b4d67a1014

    • SHA512

      3c4bae3776da3f8eff1a5fdca4e4d7c59a4b7e261b29a8b6b1d66b4af9bd097998e4558ba217a411d2b96a475b978974c5f020c4c515d0961e70bbcf558e4b81

    • SSDEEP

      98304:0JRdPqRVNzfxhpmCltJfXHrByOEDlImIiOhKN:0ndeVRltxAZlgB0

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Manipulates WinMonFS driver.

      Roottkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks