General

  • Target

    af34b4cc7052f2676f67626cca7aac26c58bd440275e536e7b07d42c3534acb6

  • Size

    4.2MB

  • Sample

    231006-pwj4yadf22

  • MD5

    54d8a57a27ac6dbb7c5e3788fde180af

  • SHA1

    b9245ffd13ada5964927be9c3005dac1a264a6a2

  • SHA256

    af34b4cc7052f2676f67626cca7aac26c58bd440275e536e7b07d42c3534acb6

  • SHA512

    94bedc322530b418d100df61fc03d647b524065232e1b1a611d67c8865339e24b33a906ae2e2c89a3b9680c3dc786c6d76deb7832dbcd2297ec09e3bb64e980c

  • SSDEEP

    98304:N3eqCz2PBKHiRxrRC5cH++3I1lp+ihk0Ue8KZP5FG+JxfUaK7/:xPBKHkX+XQihPUeXBk+z8aW

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks