Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    78505ba35b109deb5ba55bc8b8fee598d272fc0df6e2ec3fb5becbfab4256cd6

  • Size

    4.2MB

  • Sample

    230817-3zewaaeb93

  • MD5

    6b7287597b3607ffa5cb1971d61ab96f

  • SHA1

    8e63c6dcce59d22dbe06274a2807809908dea5e5

  • SHA256

    78505ba35b109deb5ba55bc8b8fee598d272fc0df6e2ec3fb5becbfab4256cd6

  • SHA512

    819a79bde001b8e11c11238a4548ef98e5d81ec09841e95198dbfca1b2d1a979f511078afb94a8290c74470715a2ed916086b68e1550ab32f62f11d6258f5bb8

  • SSDEEP

    98304:olLg/P2imBDvU4/bs7E8t3OuaAL+w96FKvrFDmu:ug/ui349ieuaJwcFKvQu

Malware Config

Targets

    • Target

      78505ba35b109deb5ba55bc8b8fee598d272fc0df6e2ec3fb5becbfab4256cd6

    • Size

      4.2MB

    • MD5

      6b7287597b3607ffa5cb1971d61ab96f

    • SHA1

      8e63c6dcce59d22dbe06274a2807809908dea5e5

    • SHA256

      78505ba35b109deb5ba55bc8b8fee598d272fc0df6e2ec3fb5becbfab4256cd6

    • SHA512

      819a79bde001b8e11c11238a4548ef98e5d81ec09841e95198dbfca1b2d1a979f511078afb94a8290c74470715a2ed916086b68e1550ab32f62f11d6258f5bb8

    • SSDEEP

      98304:olLg/P2imBDvU4/bs7E8t3OuaAL+w96FKvrFDmu:ug/ui349ieuaJwcFKvQu

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Windows security bypass

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Adds Run key to start application

    • Manipulates WinMonFS driver.

      Roottkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks