General

  • Target

    f5c18adb5340be8674d62ebb411bcbfe48223520a3860ebaac1f08ab5bf5f78a

  • Size

    4.1MB

  • Sample

    231104-zgqchsgg73

  • MD5

    1d386dd51cf91a6885cb544e552014b6

  • SHA1

    773ace3a378c05ae174aa4e53c0fa50c28ba860b

  • SHA256

    f5c18adb5340be8674d62ebb411bcbfe48223520a3860ebaac1f08ab5bf5f78a

  • SHA512

    7ffd96d4f2020fab1950e968899cccc919ee927c469a6b4d055118057af38e8ef181cdf9625c276cf8f543634a95fc3bb4e17aa652c5e56be6db1988b2f98909

  • SSDEEP

    98304:yjNKUWesWKj9sKqId6WUQgaTrLR5LINtkOiCzyNZrEe3B:yjkUShsLId6hQL5EwYyNpEUB

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Windows security bypass

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks