General

  • Target

    41b3d1592edd9f3aaa2a831f095dda59edd7f98bb36c27c39db403a31a8bd941

  • Size

    4.2MB

  • Sample

    230805-nhgwzsca58

  • MD5

    33e47c3241e074fba4d3b892b35eea65

  • SHA1

    2e154752e47abf5dfa4b041275db81bd593b97b4

  • SHA256

    41b3d1592edd9f3aaa2a831f095dda59edd7f98bb36c27c39db403a31a8bd941

  • SHA512

    e560d115f9871e83d1924aa71ada2b2a8b0425da129462a7575aa5ab11deda67504ab0a5293cb217971c7db1841618f773a6198cb0a52667aa32b2f7e3fa827a

  • SSDEEP

    49152:bkKJ4ZsfYrxXm9QhR89rPUAe0hst3o6EGtQ7sj9BF1o6D5xLQQ4DLdP64YfIO7cS:Y3pFXy8RCDjN8o6mIjdXV23PVJ2

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Manipulates WinMonFS driver.

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks