General

  • Target

    321acfeb0098a86373ab3752f9b7145cc85fd5bc5b50d8876241b28d4d5724dd

  • Size

    4.2MB

  • Sample

    230923-kjm8lsfh89

  • MD5

    fb5e19d4335fcdc40ba3980c5d3a1bcc

  • SHA1

    1d707cb928336a1d6903a24354cc1df1d06bf7de

  • SHA256

    321acfeb0098a86373ab3752f9b7145cc85fd5bc5b50d8876241b28d4d5724dd

  • SHA512

    d983432a56c8201444d77e8befc8aa0d8beb2183b73dea1e64a7d28b3158a6c394c8d3884a7038037fbb2a2c57951f07d8770ef3b6d6f051ed7e415f181d0414

  • SSDEEP

    98304:OfrTbheRqFixgd2vdUGHDWyNS6A06u71wPfCzjVACDb:wbheAjdutRNS6L1tzj

Malware Config

Targets

    • Target

      321acfeb0098a86373ab3752f9b7145cc85fd5bc5b50d8876241b28d4d5724dd

    • Size

      4.2MB

    • MD5

      fb5e19d4335fcdc40ba3980c5d3a1bcc

    • SHA1

      1d707cb928336a1d6903a24354cc1df1d06bf7de

    • SHA256

      321acfeb0098a86373ab3752f9b7145cc85fd5bc5b50d8876241b28d4d5724dd

    • SHA512

      d983432a56c8201444d77e8befc8aa0d8beb2183b73dea1e64a7d28b3158a6c394c8d3884a7038037fbb2a2c57951f07d8770ef3b6d6f051ed7e415f181d0414

    • SSDEEP

      98304:OfrTbheRqFixgd2vdUGHDWyNS6A06u71wPfCzjVACDb:wbheAjdutRNS6L1tzj

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks