General

  • Target

    3857f8b77f1ba509a3ea8650de8e7b3aa4042ed8b6498590e50ce2ccb8df4c03

  • Size

    4.1MB

  • Sample

    240406-1cgegscb84

  • MD5

    bdb0a0ffbcb8fd3ab3d0d4bdf5375984

  • SHA1

    ff7973e02bd8ca3d2200308ef0635509c5732a9e

  • SHA256

    3857f8b77f1ba509a3ea8650de8e7b3aa4042ed8b6498590e50ce2ccb8df4c03

  • SHA512

    243d1abc4c2148851f1d8dfe01d4253d264726ab34cebdf9920f7d32227db8673600764331fa598dfe9517c881c21c2fd50df3c9dc791943a4db2df273b5ba29

  • SSDEEP

    98304:nZTJtvrSQI+RdfgxNOWs+luvBV3Kjpf8MTPWtsil5n:ZVJ5f9clKG+MTut9P

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks