General

  • Target

    9261abac372aa5ff15c6c5942d02d75894ca844b00e2dfd7e900a532438f8b93

  • Size

    4.1MB

  • Sample

    231004-jr651saa9s

  • MD5

    4397d8c74b587881a885a850c0c2ddd9

  • SHA1

    1f6b4af654fda8923921ae9f7d65ff1eda48c340

  • SHA256

    9261abac372aa5ff15c6c5942d02d75894ca844b00e2dfd7e900a532438f8b93

  • SHA512

    6956f0806a5a19026c76f416c2abaa615096d2200550dada73f065575f0029abd67ab593c9bfe8cbab7da92083f84f1860af6fdd7d81b8c9cb316b9c861e85ae

  • SSDEEP

    98304:mYqeyY3InyeXPXVYbXLmQwZOq23TP1bqStpaZv5yFAidrTD8vcx6dY:mVweXPX+b7mj4tJGkAwrT16+

Malware Config

Targets

    • Target

      9261abac372aa5ff15c6c5942d02d75894ca844b00e2dfd7e900a532438f8b93

    • Size

      4.1MB

    • MD5

      4397d8c74b587881a885a850c0c2ddd9

    • SHA1

      1f6b4af654fda8923921ae9f7d65ff1eda48c340

    • SHA256

      9261abac372aa5ff15c6c5942d02d75894ca844b00e2dfd7e900a532438f8b93

    • SHA512

      6956f0806a5a19026c76f416c2abaa615096d2200550dada73f065575f0029abd67ab593c9bfe8cbab7da92083f84f1860af6fdd7d81b8c9cb316b9c861e85ae

    • SSDEEP

      98304:mYqeyY3InyeXPXVYbXLmQwZOq23TP1bqStpaZv5yFAidrTD8vcx6dY:mVweXPX+b7mj4tJGkAwrT16+

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks