General

  • Target

    9fa68732bc579839f09a7d88f4073b41cffc5837e10bcf046a7889ef85125b39

  • Size

    4.1MB

  • Sample

    230715-h2z9saab21

  • MD5

    d72dce350187a2ffeb525bd706993ac6

  • SHA1

    b392721af7eaec0791c167f773a81a691acb1824

  • SHA256

    9fa68732bc579839f09a7d88f4073b41cffc5837e10bcf046a7889ef85125b39

  • SHA512

    f25c39ce893078c77a732b08d3ac31d0445042ca221a6be6e3caf532ed27a48e9008de5c4ecc7d1209276548cf5a5e7fcb1cc861401654d2b2458931586aecf9

  • SSDEEP

    98304:6TPptZwgDyD3c2PDbJUwSPwZF+ayxrZUGK6+lSRdYwXNSS4://7bvr+V9ZxmMU

Malware Config

Targets

    • Target

      9fa68732bc579839f09a7d88f4073b41cffc5837e10bcf046a7889ef85125b39

    • Size

      4.1MB

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to the WinMonFS driver to hide directories and files from detection.

    • Drops file in System32 directory
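As an added example that is not part of the Triage report and not code from the Glupteba sample, the Python helper below reproduces the digest set listed under General for any file and checks the three indicators behind the "UPX packed file" signature: the stock UPX section names, the "UPX!" magic that stock UPX writes in front of the packed data, and per-section entropy, which still fires when a modified UPX build renames its sections. The minimal PE image it builds is a constructed fixture for the demo (it does not run as a program), and the function names are my own. SSDEEP is not reproduced because it needs the external ssdeep library.

```python
"""Offline triage helpers: file hashes plus UPX packing indicators for a PE file (added example)."""
import hashlib
import math
import struct
from collections import Counter

# Section names the stock UPX packer writes; a modified UPX build may rename them.
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}
UPX_MAGIC = b"UPX!"  # l_info magic that stock UPX places in front of the packed data


def file_hashes(data: bytes) -> dict:
    """Digests in the same set the report lists (MD5, SHA1, SHA256, SHA512)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; packed or encrypted data sits near 8.0, plain code around 5 to 6."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pe_sections(data: bytes) -> list:
    """Parse the section table and return [(name, raw_bytes), ...]; raises on non-PE input."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4  # IMAGE_FILE_HEADER follows the signature
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size  # IMAGE_SECTION_HEADER array, 40 bytes per entry
    sections = []
    for i in range(num_sections):
        off = table + i * 40
        if off + 40 > len(data):
            raise ValueError("truncated section table")
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, off)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"),
                         data[raw_ptr:raw_ptr + raw_size]))
    return sections


def upx_indicators(data: bytes) -> dict:
    """Three independent signals; a renamed-section UPX variant still trips the entropy check."""
    sections = pe_sections(data)
    return {
        "upx_sections": [n for n, _ in sections if n in UPX_SECTION_NAMES],
        "upx_magic": UPX_MAGIC in data,
        "max_section_entropy": max((shannon_entropy(b) for _, b in sections), default=0.0),
    }


def looks_upx_packed(data: bytes, entropy_threshold: float = 7.0) -> bool:
    ind = upx_indicators(data)
    return bool(ind["upx_sections"]) or ind["upx_magic"] or ind["max_section_entropy"] >= entropy_threshold


def build_minimal_pe(sections: list) -> bytes:
    """Constructed fixture: MZ stub, PE header, section table and raw data. Not a runnable binary."""
    e_lfanew = 0x40
    opt_size = 0xE0  # PE32 optional header size
    table_off = e_lfanew + 4 + 20 + opt_size
    raw_ptr = table_off + 40 * len(sections)
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    headers, blob, va = b"", b"", 0x1000
    for name, payload in sections:
        headers += struct.pack("<8sIIIIIIHHI", name, len(payload), va, len(payload),
                               raw_ptr + len(blob), 0, 0, 0, 0, 0xE0000020)
        blob += payload
        va += 0x1000
    return dos + b"PE\0\0" + coff + b"\0" * opt_size + headers + blob


# Constructed samples: stock UPX layout, with pseudo-random bytes standing in for packed data,
# and the same layout with section names changed as a modified UPX build would do.
PACKED = UPX_MAGIC + b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
SAMPLE_UPX = build_minimal_pe([(b"UPX0", b""), (b"UPX1", PACKED), (b".rsrc", b"\0" * 512)])
SAMPLE_RENAMED = build_minimal_pe([(b".text", b""), (b".data", PACKED[4:]), (b".rsrc", b"\0" * 512)])

if __name__ == "__main__":
    for label, blob in (("stock upx", SAMPLE_UPX), ("renamed sections", SAMPLE_RENAMED)):
        print(label, file_hashes(blob)["sha256"][:16], upx_indicators(blob), looks_upx_packed(blob))
```

To use it on the sample from this report, read the file with `open(path, "rb").read()` and compare `file_hashes(data)["sha256"]` against the SHA256 above before looking at `upx_indicators(data)`. The entropy threshold is a heuristic, not a signature: legitimate installers and compressed resources also score high, so treat it as a reason to unpack and look further rather than as a verdict.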

MITRE ATT&CK Enterprise v6

Tasks