General

  • Target

    9e7e9c4a41a122027dcd1fd7111f88b32caf3eeb94713eae4ce072121315c9f0

  • Size

    4.2MB

  • Sample

    231107-aqhllaad49

  • MD5

    f634ae2e81df189713ea6787b1454902

  • SHA1

    1dc5e9c1401155b052e1a3aaaf676c02539cdd1b

  • SHA256

    9e7e9c4a41a122027dcd1fd7111f88b32caf3eeb94713eae4ce072121315c9f0

  • SHA512

    6dc64e8c6a324b65ccfb9c74a7ea639af9565b7e3e1f3dbcb9efbb5d2090c8e528f5019ed54536e929ae599c0f29c89c2965abb628cfeb0dddfd3fe2a1c37e1d

  • SSDEEP

    98304:6QSUFfDdnytWG+lc9NNGfNK7s4ehs1kbzR7vrYYGMa0aAeP:6hcDdngr+lc9NNGfQ7eOkbzR7vcYwAeP

Malware Config

Targets

    • Target

      9e7e9c4a41a122027dcd1fd7111f88b32caf3eeb94713eae4ce072121315c9f0

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks