General

  • Target

    0090cf23254e6c0a2d033bb3f288fb94a7a09016a81e787cd476fe5f71f42037

  • Size

    4.1MB

  • Sample

    230818-3n5bssfb84

  • MD5

    59bad90b34f65664cdb22fa0306c1058

  • SHA1

    b623971f4840786bc6492b011944b889bc6e468c

  • SHA256

    0090cf23254e6c0a2d033bb3f288fb94a7a09016a81e787cd476fe5f71f42037

  • SHA512

    d43bb90f2d8abfa148e2d1c36d396947e1eaeb019baaff582d7e4ad76399ea1ffca4dd9838f6fec24fb434d23c6f4d51a9c29140f37bb0e9e3a3dd7631c27eaa

  • SSDEEP

    98304:7LiWUcl5dRYjiauDJtj/YdqcaFILC0tFKknLdeqatqHXx9ypY9W:7Lr/5dRscN2dqcgHVkLdRGqHXvyL

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Manipulates WinMonFS driver.

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks