General

  • Target

    a94b4d5dda264c9f7112318f5dc6980ba7a0115c63d0543f6ba8b320528f289f

  • Size

    4.1MB

  • Sample

    231106-mrmcdscb86

  • MD5

    c49e4510a4cb6efe67a897bc4cce6ea2

  • SHA1

    584f6746b873f4c005e2b3f4d8dcc078e7c511c2

  • SHA256

    a94b4d5dda264c9f7112318f5dc6980ba7a0115c63d0543f6ba8b320528f289f

  • SHA512

    c1a3eaa0829fcbce11a89605aaf50638a095a2eedbdadb635abe4d0cdd8ee59c5ca838f8a5e72fdd2e6e16fc2c997f0d93507f9c3c718b483346584a985ec9df

  • SSDEEP

    98304:7zOheenlRciUj4+ltdZjqyfYnp4ER4lOZoIQvIY8fg8E:7ze8c+LdZjzW8NQfBE

Malware Config

Targets

    • Target

      a94b4d5dda264c9f7112318f5dc6980ba7a0115c63d0543f6ba8b320528f289f

    • Size

      4.1MB

    • MD5

      c49e4510a4cb6efe67a897bc4cce6ea2

    • SHA1

      584f6746b873f4c005e2b3f4d8dcc078e7c511c2

    • SHA256

      a94b4d5dda264c9f7112318f5dc6980ba7a0115c63d0543f6ba8b320528f289f

    • SHA512

      c1a3eaa0829fcbce11a89605aaf50638a095a2eedbdadb635abe4d0cdd8ee59c5ca838f8a5e72fdd2e6e16fc2c997f0d93507f9c3c718b483346584a985ec9df

    • SSDEEP

      98304:7zOheenlRciUj4+ltdZjqyfYnp4ER4lOZoIQvIY8fg8E:7ze8c+LdZjzW8NQfBE

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks