General

  • Target

    1f4d55b98a31413eb6ec577ac192dc53

  • Size

    4.5MB

  • Sample

    231225-bhcaaaghd8

  • MD5

    1f4d55b98a31413eb6ec577ac192dc53

  • SHA1

    1a798dc46efbfa02acc451999111717619023a5c

  • SHA256

    b8409cd4c76480d62bb3abe797d9509dbdc2f6170dd065661ee86cc8fa19c95f

  • SHA512

    eec08fed3b7aa0de3e7da0a71715da918fc57faa83f600a699d7846d53d68b4521d111f33fb1d665116a0dfe543b9ff3e4517e2c5a9cbb16521823d967e21208

  • SSDEEP

    98304:nbHEpjqA1gg36zN2tMXsAdAV9Rl5FVo1cS4V9sNxOegkMn:nolqGE2tAS9NFVrV3UxOeMn

Malware Config

Extracted

Family

metasploit

Version

windows/single_exec

Targets

    • Target

      1f4d55b98a31413eb6ec577ac192dc53

    • Size

      4.5MB

    • MD5

      1f4d55b98a31413eb6ec577ac192dc53

    • SHA1

      1a798dc46efbfa02acc451999111717619023a5c

    • SHA256

      b8409cd4c76480d62bb3abe797d9509dbdc2f6170dd065661ee86cc8fa19c95f

    • SHA512

      eec08fed3b7aa0de3e7da0a71715da918fc57faa83f600a699d7846d53d68b4521d111f33fb1d665116a0dfe543b9ff3e4517e2c5a9cbb16521823d967e21208

    • SSDEEP

      98304:nbHEpjqA1gg36zN2tMXsAdAV9Rl5FVo1cS4V9sNxOegkMn:nolqGE2tAS9NFVrV3UxOeMn

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Windows security bypass

    • Modifies Windows Firewall

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory
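The signatures above describe registry enumeration (Uninstall keys), Run-key persistence, firewall changes and writes to the WinMonFS driver. The following host-triage script is an added example, not code from tria.ge or from the sample; it reproduces the Uninstall-key lookup the sample performs and then checks a live or mounted Windows host for the persistence, firewall and driver artifacts the report lists. The "trusted root" heuristic (Program Files and the Windows directory) and the assumption that the rootkit's driver registers under a service name containing "WinMon" are this example's own choices, not facts taken from the report.

```powershell
# Added host-triage example (not tria.ge code, not the sample's code).
#   - enumerates the Uninstall keys the sample reads to fingerprint installed software
#   - lists Run-key autostarts launched from outside Program Files / Windows
#   - lists firewall rules whose program filter points outside those trusted roots
#   - looks for a system driver or service whose name contains "WinMon"
#     (assumption: the WinMonFS rootkit driver registers under such a name)
# Run in an elevated PowerShell 5.1+ session on Windows.

$TrustedRoots = @("$env:ProgramFiles", "${env:ProgramFiles(x86)}", "$env:SystemRoot")

function Test-TrustedPath {
    param([string]$Path)
    if ([string]::IsNullOrWhiteSpace($Path)) { return $false }
    # Strip quotes and arguments: first quoted token, else first whitespace-delimited token.
    $exe = if ($Path -match '^"([^"]+)"') { $Matches[1] } else { ($Path -split '\s+')[0] }
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    foreach ($root in $TrustedRoots) {
        if ($root -and $exe.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

function Get-InstalledSoftware {
    # Same lookup the "Checks installed software on the system" signature describes.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallLocation
}

function Get-SuspiciousRunEntries {
    # "Adds Run key to start application": flag autostarts outside trusted roots.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip provider metadata (PSPath etc.)
            if (-not (Test-TrustedPath $p.Value)) {
                [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $p.Value }
            }
        }
    }
}

function Get-SuspiciousFirewallRules {
    # "Modifies Windows Firewall": rules whose program filter is outside trusted roots.
    Get-NetFirewallRule -ErrorAction SilentlyContinue | ForEach-Object {
        $rule = $_
        $app = $rule | Get-NetFirewallApplicationFilter
        if ($app.Program -and $app.Program -ne 'Any' -and -not (Test-TrustedPath $app.Program)) {
            [pscustomobject]@{
                Name = $rule.DisplayName; Direction = $rule.Direction
                Action = $rule.Action;    Program = $app.Program
            }
        }
    }
}

function Get-WinMonDriver {
    # Assumption: the rootkit driver/service name contains "WinMon" (e.g. WinMonFS).
    Get-CimInstance Win32_SystemDriver | Where-Object { $_.Name -like '*WinMon*' } |
        Select-Object Name, PathName, State, StartMode
    Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -like '*WinMon*' } |
        Select-Object PSChildName, @{ n = 'ImagePath'; e = { (Get-ItemProperty $_.PSPath).ImagePath } }
}

Write-Host '== Installed software (what the sample enumerates) =='
Get-InstalledSoftware | Format-Table -AutoSize
Write-Host '== Run-key autostarts outside trusted roots =='
Get-SuspiciousRunEntries | Format-Table -AutoSize
Write-Host '== Firewall rules for programs outside trusted roots =='
Get-SuspiciousFirewallRules | Format-Table -AutoSize
Write-Host '== WinMon* drivers and services =='
Get-WinMonDriver | Format-Table -AutoSize
```

A hit in the last section is a strong indicator: a legitimate host has no reason to carry a WinMon-named filesystem driver. The Run-key and firewall checks are heuristics and will also surface benign software installed under user-writable paths, so review those results against the Uninstall-key listing rather than treating every entry as malicious.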

MITRE ATT&CK Enterprise v15

Tasks