General

  • Target

    83b2ebbdb009adb61522e1e8d9e0529265a34a90b5b5e2b300306887f64c4954

  • Size

    4.1MB

  • Sample

    231024-jrcleadd29

  • MD5

    2b1dcdc1fdf8697cf4a1c07eea031fa1

  • SHA1

    6b5cb7e331a0522a4fd0f10cb277fe42f6019666

  • SHA256

    83b2ebbdb009adb61522e1e8d9e0529265a34a90b5b5e2b300306887f64c4954

  • SHA512

    6fb13b99d90e4641ff9d7a8c57998f3cb7916eba19dc99667da7959c1900e5371b0b1ec931fcbedb2410bb166909e2d29c7f5bc47a4880eb04495357d684a7ee

  • SSDEEP

    98304:ZDYN209W2T8E9IJqa870LeNIZlDn2Z7jE5hPsM:B09W2R9Is3uKIZsAsM

Malware Config

Targets

    • Target

      83b2ebbdb009adb61522e1e8d9e0529265a34a90b5b5e2b300306887f64c4954

    • Size

      4.1MB

    • MD5

      2b1dcdc1fdf8697cf4a1c07eea031fa1

    • SHA1

      6b5cb7e331a0522a4fd0f10cb277fe42f6019666

    • SHA256

      83b2ebbdb009adb61522e1e8d9e0529265a34a90b5b5e2b300306887f64c4954

    • SHA512

      6fb13b99d90e4641ff9d7a8c57998f3cb7916eba19dc99667da7959c1900e5371b0b1ec931fcbedb2410bb166909e2d29c7f5bc47a4880eb04495357d684a7ee

    • SSDEEP

      98304:ZDYN209W2T8E9IJqa870LeNIZlDn2Z7jE5hPsM:B09W2R9Is3uKIZsAsM

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks