General

  • Target

    e79141c86bc20580d6c6c763d794c1fa8f6500f47cad86e3a931aa75981d1dd9

  • Size

    4.2MB

  • Sample

    230516-3ev2rsda52

  • MD5

    d1b49cddca7d56e08f07561850685792

  • SHA1

    7456f97ae7f6c70f5f46675d6756981660f7d480

  • SHA256

    e79141c86bc20580d6c6c763d794c1fa8f6500f47cad86e3a931aa75981d1dd9

  • SHA512

    ba32a1cbe94228e870357c1c6093f96cb6c264da2c1d37c99b1c8a0f76980ab606c248776a7b3041cfabd44218e3e92e2549653581117d9ee4d6e05b6218342a

  • SSDEEP

    98304:g2WQc+pfUK1fBlZYydq9z4CkKwvw0QdDsM/:g2WQFpcKBlJYz4vpw0QdDsk

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks