General

  • Target

    45cf09e26acea6e9d65bfef33939f4cc.exe

  • Size

    4.4MB

  • Sample

    240106-mefzvaegh8

  • MD5

    45cf09e26acea6e9d65bfef33939f4cc

  • SHA1

    0f8fde24d0f0cabbcfcd97eb1b7ae84f4cbd4331

  • SHA256

    b25b92d25b55c23f75775f1f50e83d5efc2881e8bdb02c0d2a3c3b4b21ccb9eb

  • SHA512

    8913e691f5e6f449cad2d0836635b148b0fc98411218b7f2f4920b40cb8ad9ae8b385a88806a045aaeca477076180ab3087519e0d1ab4345bac82a9739a9af35

  • SSDEEP

    98304:YoIRGeaWtfnBWWGqJlOOpLFWikkLMXwxFr8oiWtWKo4pX0x:mvnhGqJlOOjWRkLMAxFDF9

Malware Config

Extracted

  • Family

    metasploit

  • Version

    windows/single_exec

Targets

    • Target

      45cf09e26acea6e9d65bfef33939f4cc.exe

    • Size

      4.4MB

    • MD5

      45cf09e26acea6e9d65bfef33939f4cc

    • SHA1

      0f8fde24d0f0cabbcfcd97eb1b7ae84f4cbd4331

    • SHA256

      b25b92d25b55c23f75775f1f50e83d5efc2881e8bdb02c0d2a3c3b4b21ccb9eb

    • SHA512

      8913e691f5e6f449cad2d0836635b148b0fc98411218b7f2f4920b40cb8ad9ae8b385a88806a045aaeca477076180ab3087519e0d1ab4345bac82a9739a9af35

    • SSDEEP

      98304:YoIRGeaWtfnBWWGqJlOOpLFWikkLMXwxFr8oiWtWKo4pX0x:mvnhGqJlOOjWRkLMAxFDF9

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Modifies boot configuration data using bcdedit

    • Modifies Windows Firewall

    • Possible attempt to disable PatchGuard

      Rootkits can use kernel patching to embed themselves in an operating system.

MITRE ATT&CK Enterprise v15
