General

  • Target

    392658a5c4b113ea0567428a48eb61811cffaddae9b4e1edd60d19fd2cc8508d

  • Size

    4.1MB

  • Sample

    231111-1hqv4sbf6z

  • MD5

    480efe2b0ce3354cbb340cc9e9d41ee3

  • SHA1

    60aec0b10b74c0a50fcb53339bde467af959721c

  • SHA256

    392658a5c4b113ea0567428a48eb61811cffaddae9b4e1edd60d19fd2cc8508d

  • SHA512

    e78d4455ae41f5df17babdfbae7fb84878d53c4090e38c40b4dbb33ce0280082da29dc1f4e2c188e61f3a106e78c498d506f04f38d52ac714919d3846296ed4b

  • SSDEEP

    98304:3fbVoMS4u9p6gIOz2vPpHWhxcTS63Gu1sAbKUu/1/:Dgv462vPpHicW6Wu25F

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks