General

  • Target

    d90a1ace2b650839188b87bad44aa97a4cabb290d344b4e0cedac82bf40ee436

  • Size

    4.2MB

  • Sample

    231006-fklnysbc74

  • MD5

    f3158a6df0ae23abc8aa58a794d6e833

  • SHA1

    4e0087ef53de76bec282be089e3707794986bca2

  • SHA256

    d90a1ace2b650839188b87bad44aa97a4cabb290d344b4e0cedac82bf40ee436

  • SHA512

    accd799a0faee4b2a0b67c27877debf9a9d5d8aa865664859dc04cbaf4d968f51b3e143d111056d3026e7dbc4bad39b13b8b03efbd6ca9a1f3ae61c6f05ab6e4

  • SSDEEP

    98304:xF10jpaWsugxMhTbI3iyxger++TzsWgXZ7Un:V0jUIHhTXIge5EjXZK

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks