General

  • Target

    c60bb05e532aca62fe0adb19d39a8d59e2f3b490a7966743e9722cbc4d617c9d

  • Size

    4.2MB

  • Sample

    230824-ywhqjsfd34

  • MD5

    4f5559a8ebc265e622b3c9674a8c65ef

  • SHA1

    f75cef393a3dd5efcee92a0f5e76e257133983ef

  • SHA256

    c60bb05e532aca62fe0adb19d39a8d59e2f3b490a7966743e9722cbc4d617c9d

  • SHA512

    a3897781beb7da33f0ca92322da9be459546db8be6fc35723f17fd271227dc9e385aa2d2aad3648b05d5eb7b3afb464758ae9c3fdbb1cc5159efe33f5a3f2047

  • SSDEEP

    98304:4PJYirTf0osoK5GxTX1kU/A4EjYw+F6UEXqrlaD:Q18osoK5CTXWU44Ut+EnaMD

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Windows security bypass

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Adds Run key to start application

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks