General

  • Target

    793165fed5526b2d954d18c035e8a067f066e4d13ab31a0d0d073473bd22fde3

  • Size

    4.1MB

  • Sample

    230816-pc7qwsaf67

  • MD5

    abf7008e8f0c5a625935b2195e56097b

  • SHA1

    a9e40263b5ca3782d800b292b4ccbc5214c4aada

  • SHA256

    793165fed5526b2d954d18c035e8a067f066e4d13ab31a0d0d073473bd22fde3

  • SHA512

    a93bcc0f973d53eb6f1ba18027b45704288b407a967afe8435aed93d54f13da006d10ddf16aca92c08259eea82c7e2683a671218491cf02ecd8940e8c6890f40

  • SSDEEP

    49152:B8IjC1rd4LXYRzxyPwo90nv6gW7R9aLpIU8eqeEJkW/jgKz4wOHu1KW2ps9H05bX:Bpm1x4MRonGnv6gWjerx+dXhbKJBHx

Malware Config

Targets

    • Target

      793165fed5526b2d954d18c035e8a067f066e4d13ab31a0d0d073473bd22fde3

    • Size

      4.1MB

    • MD5

      abf7008e8f0c5a625935b2195e56097b

    • SHA1

      a9e40263b5ca3782d800b292b4ccbc5214c4aada

    • SHA256

      793165fed5526b2d954d18c035e8a067f066e4d13ab31a0d0d073473bd22fde3

    • SHA512

      a93bcc0f973d53eb6f1ba18027b45704288b407a967afe8435aed93d54f13da006d10ddf16aca92c08259eea82c7e2683a671218491cf02ecd8940e8c6890f40

    • SSDEEP

      49152:B8IjC1rd4LXYRzxyPwo90nv6gW7R9aLpIU8eqeEJkW/jgKz4wOHu1KW2ps9H05bX:Bpm1x4MRonGnv6gWjerx+dXhbKJBHx

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Windows security bypass

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Adds Run key to start application

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks