General

  • Target

    eeed2a84f7cb7870029b27e7311e97e460a811bd16917af0ff03984bc04c422a

  • Size

    4.1MB

  • Sample

    230818-fhgxzshb21

  • MD5

    63a4b7a75c7f61b0b8e5bcff76ea568f

  • SHA1

    f6cc6719abbbd9153c56c8b1003545bbddb8866e

  • SHA256

    eeed2a84f7cb7870029b27e7311e97e460a811bd16917af0ff03984bc04c422a

  • SHA512

    b5f6267a8f7ff26d098f8478aedb335376ecf505a8f7e40ff5fc8ca1800c453c88ca4919d45b9732ac795192025bd161edbc2189d964b51555a692c8485b2d32

  • SSDEEP

    98304:/MsNBclsZXBxG6zVUpkrCaOkTsxJyhxrRx4FuNAnKgoIm5:Us8lsZXu6ypkrCH1yhxrvPezc

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Manipulates WinMonFS driver.

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory
