General

  • Target

    6cfa7bcedd6d520680771a1c26ace9e12c0d1756d0409353a1ee084d73e0b96e

  • Size

    4.1MB

  • Sample

    240429-fe484sag38

  • MD5

    b068b5a5ee8be4de86f67b5c2b5bf5d5

  • SHA1

    5e18f8587e2f0dcb60b7b8da2ba34b322dc3a101

  • SHA256

    6cfa7bcedd6d520680771a1c26ace9e12c0d1756d0409353a1ee084d73e0b96e

  • SHA512

    bcedd5ef88e873b4273b6d5938854655006866f8fdcfcea0f845c2ce7dc6582b1787a5f4b668ae9e7bc09c73d1e574dc2bfe5d46a24cd7b8d62e8dd3ed2c7cc7

  • SSDEEP

    98304:gmt2HMNzbl5vG6exEEj3um3jyNJdQ91UKr1D7kBRa7m:gmt2Hsbl5vMradQvtZvri

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory
