14/11/2023, 16:34

231114-t3fsbacd46 10

General

  • Target

    04b82eadb3e48f50fd2a7cdd8bf7a2a77e50dc89ae4ff4c31a981a9fc8e7c5bd

  • Size

    4.1MB

  • Sample

    231114-t3fsbacd46

  • MD5

    2f1633d2b4d6848195ca27c6b7906e8f

  • SHA1

    a57f17b0b2c099bde00c9dec1d7588446babce8e

  • SHA256

    04b82eadb3e48f50fd2a7cdd8bf7a2a77e50dc89ae4ff4c31a981a9fc8e7c5bd

  • SHA512

    1e1d59e92d9d368c733f1095001484b2be84b7506a328b572cb8aac0e3001c28a827419e2f6db5987efdcc65dd430e7ddc7095852ff5b2517db812c5f6f14619

  • SSDEEP

    98304:Z7YetR2/ObkBMEj9rmVW9e77Li2Fiew6uB/31:5Yetgi2nj9yD7vi2+6up1

Malware Config

Targets

    • Target

      04b82eadb3e48f50fd2a7cdd8bf7a2a77e50dc89ae4ff4c31a981a9fc8e7c5bd

    • Size

      4.1MB

    • MD5

      2f1633d2b4d6848195ca27c6b7906e8f

    • SHA1

      a57f17b0b2c099bde00c9dec1d7588446babce8e

    • SHA256

      04b82eadb3e48f50fd2a7cdd8bf7a2a77e50dc89ae4ff4c31a981a9fc8e7c5bd

    • SHA512

      1e1d59e92d9d368c733f1095001484b2be84b7506a328b572cb8aac0e3001c28a827419e2f6db5987efdcc65dd430e7ddc7095852ff5b2517db812c5f6f14619

    • SSDEEP

      98304:Z7YetR2/ObkBMEj9rmVW9e77Li2Fiew6uB/31:5Yetgi2nj9yD7vi2+6up1

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks