General

  • Target

    80dc2fc2a715074551a46756f45ef239e4460d1ca3628f2bf7f3e292da5ab42d

  • Size

    4.2MB

  • Sample

    230830-s62cragd94

  • MD5

    32ecc641dd1c488a07895f1fd514676a

  • SHA1

    13e96a40a519490e743fca5ea9f887f2a179907a

  • SHA256

    80dc2fc2a715074551a46756f45ef239e4460d1ca3628f2bf7f3e292da5ab42d

  • SHA512

    633249fe7547a023f4ff4e7e3b1bb02ad312191fdfc73e6176b1d8d6accb6c41ac03b0e94f31619936e554b67040498e899f111a35901074d488df2eda9a9ec4

  • SSDEEP

    98304:Rlls8IrhtXCrQ3FbaSbK7aPhLvYZ1rVAWlOtJbx1:nls8ohtSMhu7QEZRySwJN1

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Windows security bypass

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks