Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    2cd5757ed7dc5c222092573bcacb790a298525ebd71241164b516a7af828ffb3

  • Size

    4.1MB

  • Sample

    231030-z29xnahb85

  • MD5

    6cca780b5d78feab6fcf07c4cbc9c52e

  • SHA1

    2bbf6645d0a7aaef09ec42742224568a74191f36

  • SHA256

    2cd5757ed7dc5c222092573bcacb790a298525ebd71241164b516a7af828ffb3

  • SHA512

    25b8e6e3da26f53a3082e3be90ae5c464b7aa48d30a69eb8c0fb40c14c35f1c0947c5d569e8f9077e70af474970984f20fa63f390d36da8b44d61e16a798ecdb

  • SSDEEP

    98304:i2wSw+o07xPALnVPII8CJvfhzqAd1MjJxMhYaJ6xFsDFU2KU5ijrveTHTh:CSw+Z9ALVgKfhuEMJSYIasR4wijrvsHV

Malware Config

Targets

    • Target

      2cd5757ed7dc5c222092573bcacb790a298525ebd71241164b516a7af828ffb3

    • Size

      4.1MB

    • MD5

      6cca780b5d78feab6fcf07c4cbc9c52e

    • SHA1

      2bbf6645d0a7aaef09ec42742224568a74191f36

    • SHA256

      2cd5757ed7dc5c222092573bcacb790a298525ebd71241164b516a7af828ffb3

    • SHA512

      25b8e6e3da26f53a3082e3be90ae5c464b7aa48d30a69eb8c0fb40c14c35f1c0947c5d569e8f9077e70af474970984f20fa63f390d36da8b44d61e16a798ecdb

    • SSDEEP

      98304:i2wSw+o07xPALnVPII8CJvfhzqAd1MjJxMhYaJ6xFsDFU2KU5ijrveTHTh:CSw+Z9ALVgKfhuEMJSYIasR4wijrvsHV

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Windows security bypass

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Roottkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks