General

  • Target

    48d39ccb2434a34a77c0678692b21f450f86a89ac555bcae49a6cfcda04b0492

  • Size

    4.1MB

  • Sample

    231030-yes5yseh41

  • MD5

    f490fa8194eb216835fda4acb2b5fb27

  • SHA1

    cfde4db286d54cf0400d62e8733d48618a153446

  • SHA256

    48d39ccb2434a34a77c0678692b21f450f86a89ac555bcae49a6cfcda04b0492

  • SHA512

    fa54694ff06fd8ebb5e3109a1deab3e734624462b56415e392983f4df52c1593d2471aff7e111074a70a51984af952926fdba2f0236ca46f40cead16a7a19cec

  • SSDEEP

    98304:Vf63D8+4ZduuLmMJOCX9iDFxVUeqf5yUkLtXKJNkQGYriDdLNnZ:s3D8+4qykCtMrVg6XKNFriDVNnZ

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks