General

  • Target

    badd5a97600ae7232e658ab619332bcdff62cce5e83c5067d5dc6150488a6bf4

  • Size

    4.1MB

  • Sample

    230930-nyhs8abb7s

  • MD5

    c03d424a7e4e44b0068dfe1a06262163

  • SHA1

    13208ed3e42aca05a8ba9d345a0d05231dd465d8

  • SHA256

    badd5a97600ae7232e658ab619332bcdff62cce5e83c5067d5dc6150488a6bf4

  • SHA512

    3727517a60fa195086eb6ec50582f5f56be0082d7621ab15fe8ff7e2542d4545bfd011af26077be765fe2dbf517138b6a04f22dc0cc921e2df481f4b44e9578a

  • SSDEEP

    49152:Evvs6bgkKPFLz+yPjob5CC1GsZg828PJ+wmn4g4LQNHVzn+PX/UHHwA9mwiWCqHC:EvvsOKhr8wqcnXlHt+GHjq1yqzeqsU

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Windows security bypass

    • Modifies Windows Firewall

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks