Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    decdb3e40a96dfe78fd5dfd940d37bfba4a4c5bbf4c10a283ae27e0903e90193

  • Size

    4.1MB

  • Sample

    231014-kk48hsdc65

  • MD5

    57045d9cf270b4282971661f34627237

  • SHA1

    7f8c8b0536a5c8c77d2920b673b9302cc18fce8f

  • SHA256

    decdb3e40a96dfe78fd5dfd940d37bfba4a4c5bbf4c10a283ae27e0903e90193

  • SHA512

    af544b2dbf8e3f06b535906cc99662ddbec6b46fbdee322030042526ad764e41435d453a69c2507b19956b5de7500950abfa570b18fc2a9c077b720f20967108

  • SSDEEP

    98304:+wp3cro0iZyioDMfdJPL9iMgeqX6DM3uix03Z9L4v35QOR:+MkunoDMfdJPL3geqMM3xGHLi5QQ

Malware Config

Targets

    • Target

      decdb3e40a96dfe78fd5dfd940d37bfba4a4c5bbf4c10a283ae27e0903e90193

    • Size

      4.1MB

    • MD5

      57045d9cf270b4282971661f34627237

    • SHA1

      7f8c8b0536a5c8c77d2920b673b9302cc18fce8f

    • SHA256

      decdb3e40a96dfe78fd5dfd940d37bfba4a4c5bbf4c10a283ae27e0903e90193

    • SHA512

      af544b2dbf8e3f06b535906cc99662ddbec6b46fbdee322030042526ad764e41435d453a69c2507b19956b5de7500950abfa570b18fc2a9c077b720f20967108

    • SSDEEP

      98304:+wp3cro0iZyioDMfdJPL9iMgeqX6DM3uix03Z9L4v35QOR:+MkunoDMfdJPL3geqMM3xGHLi5QQ

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Windows security bypass

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Roottkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks