General

  • Target

    142d5281e86073d6554836df4aae28a29a33391eb84be574d8fc724db499f97d

  • Size

    4.1MB

  • Sample

    231101-mjzbzsha96

  • MD5

    8f5ed0256d9caf145da25b1d75934165

  • SHA1

    ee4fda9fb2b6d8742b3de1584dfccb2e416d97ad

  • SHA256

    142d5281e86073d6554836df4aae28a29a33391eb84be574d8fc724db499f97d

  • SHA512

    303a7e0ae88bbb91834ff9a91244e01a1cae1163b9c64474e758c244c4b743c16478a82e7f2e5f31ddd4d1551f6f9c7d2fd12f225aa366116f83c6877c8864cb

  • SSDEEP

    98304:5zfyAf11vqsBUtKd39mrHSMY4M6QX/10w1APD/eFP3n:5zyEj7GtmN3MY4M6u6DS

Targets

    • Target

      142d5281e86073d6554836df4aae28a29a33391eb84be574d8fc724db499f97d

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX, or with a modified build of the UPX open-source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to the WinMonFS driver to hide files and directories from detection.

    • Drops file in System32 directory
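
A host-side hunt for the behaviours listed above, added here as an example: it is not part of the tria.ge report and not the sample's own code. It assumes an elevated PowerShell 5.1+ session on a Windows 10/11 host with the NetSecurity module available. The report gives no file, service or firewall-rule names for this sample, so every check flags generic indicators rather than exact IOCs; the `WinMon` name pattern, the list of "trusted" directories and the 7-day file-age window are assumptions.

```powershell
# Added example: hunt a Windows host for the behaviours tria.ge reported for this
# sample (Run-key persistence, WinMonFS driver, firewall changes, System32 drops).
# Not part of the report and not the sample's code. Run elevated on Windows 10/11.
# The report names no specific artefacts, so each check flags generic indicators;
# treat hits as leads to triage, not verdicts.

$TrustedDirs = '\\(Program Files( \(x86\))?|Windows)\\'   # assumed "normal" install locations

# "Adds Run key to start application": enumerate Run/RunOnce values and flag any
# whose command line does not live under Program Files or Windows.
function Get-RunKeyFindings {
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $props = (Get-ItemProperty -Path $key).PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' }      # drop provider metadata (PSPath etc.)
        foreach ($p in $props) {
            $cmd = [string]$p.Value
            [pscustomobject]@{
                Check = 'RunKey'; Key = $key; Name = $p.Name; Command = $cmd
                Flag  = ($cmd -notmatch $TrustedDirs)
            }
        }
    }
}

# "Manipulates WinMonFS driver": look for a kernel driver or a service entry whose
# name contains WinMon (pattern is an assumption; the report only names WinMonFS).
function Get-WinMonFindings {
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.Name -match 'WinMon' } |
        ForEach-Object {
            [pscustomobject]@{ Check = 'Driver'; Name = $_.Name; Path = $_.PathName; State = $_.State }
        }
    Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' |
        Where-Object { $_.PSChildName -match 'WinMon' } |
        ForEach-Object {
            $svc = Get-ItemProperty -Path $_.PSPath
            [pscustomobject]@{ Check = 'Service'; Name = $_.PSChildName; Path = $svc.ImagePath; State = "Start=$($svc.Start)" }
        }
}

# "Modifies Windows Firewall": enabled inbound allow rules with no policy group
# (the built-in Windows rule sets all carry one) whose program sits outside the
# trusted directories.
function Get-FirewallFindings {
    Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
        Where-Object { -not $_.Group } |
        ForEach-Object {
            $prog = ($_ | Get-NetFirewallApplicationFilter).Program
            if ($prog -and $prog -ne 'Any' -and $prog -notmatch $TrustedDirs) {
                [pscustomobject]@{ Check = 'Firewall'; Rule = $_.DisplayName; Program = $prog; Profile = $_.Profile }
            }
        }
}

# "Drops file in System32": executables, DLLs and drivers written in the last 7 days
# (window is an assumption) that are not validly signed by Microsoft. Catalog-signed
# OS files report Status 'Valid' with a Microsoft signer, so they are skipped.
function Get-System32Findings {
    Get-ChildItem "$env:SystemRoot\System32\*" -Include *.exe, *.dll, *.sys -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -gt (Get-Date).AddDays(-7) } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'Microsoft') {
                [pscustomobject]@{ Check = 'System32Drop'; Path = $_.FullName; Written = $_.LastWriteTime; Signature = $sig.Status }
            }
        }
}

Get-RunKeyFindings   | Where-Object Flag | Format-Table -AutoSize
Get-WinMonFindings   | Format-Table -AutoSize
Get-FirewallFindings | Format-Table -AutoSize
Get-System32Findings | Format-Table -AutoSize
```

Each function emits objects, so any of them can be piped to `Export-Csv` for collection across a fleet instead of `Format-Table`. The "Checks installed software" and "Executes dropped EXE" signatures are not hunted here: the first is reconnaissance the sample performs against the Uninstall key and leaves no artefact of its own, and the second needs process-creation telemetry (Sysmon event 1 or Windows 4688) rather than a point-in-time host query.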
