General

  • Target

    bb0519487c87f6546af4130046a115d4fabec065dab3375cb45f1cd0a4e4e145

  • Size

    4.1MB

  • Sample

    230815-ltke5saa85

  • MD5

    58d68b42a30435c44b9e4154c6cdcc43

  • SHA1

    04d53f9cdec145987c231b905f9eb36a58927f4f

  • SHA256

    bb0519487c87f6546af4130046a115d4fabec065dab3375cb45f1cd0a4e4e145

  • SHA512

    aecc2ea61dc35ce830f66b496404df52125e01eee7efa7a43b2a054af7cb314e863f7624d6d177c78901333e20c7f801e8e99c6352ca5c3a08969860ff614240

  • SSDEEP

    98304:/mN95Y/qoDMTkm02KtgdqZI/BZQnfpnniO43:095Y2AC0geF6

Targets

    • Target

      bb0519487c87f6546af4130046a115d4fabec065dab3375cb45f1cd0a4e4e145

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Manipulates WinMonFS driver.

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory
