General

  • Target

    13adeea84a682bd402a321c8b1289ec3def4ebc2a3d87edff436492311e7ee12

  • Size

    4.2MB

  • Sample

    230605-crjw6afa9y

  • MD5

    445fd17cf81c9ca1888e01cd857e3973

  • SHA1

    c9104c9ba8af6aa51b91391bab2f7c26d2620cae

  • SHA256

    13adeea84a682bd402a321c8b1289ec3def4ebc2a3d87edff436492311e7ee12

  • SHA512

    8542933205d1e12bd148b707014645a31dc0c91cfd3130268b7d5a9f23a51940057c757d523368adccfca1c08d4048295e2b02a74674c784d515feb630e5e0b4

  • SSDEEP

    98304:wcqU71k9uIcOOX3U7dpf6ELptGigmzK3yj4Rv:yUJ29YnJkXgmzK3fRv

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks