Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    1028c1373ab4ceb8b9a0db705f21ec28fd3e0878f6f1dc0b32c0c74e482606b9

  • Size

    4.1MB

  • Sample

    231111-wgyr4sad9w

  • MD5

    45a9fc831b63bfed5770202e6bd4d464

  • SHA1

    115a4b67e219678db1c0d1a4b2e39203efed3c19

  • SHA256

    1028c1373ab4ceb8b9a0db705f21ec28fd3e0878f6f1dc0b32c0c74e482606b9

  • SHA512

    ba80b9a8c89e3f642cd1e5217a01e5fd5b29c3b57a90a5143b6ec7316a5d5235b5ce2a35c9a105d3646c158ff122f548da7d598baaacacc2b26e04155fe3074c

  • SSDEEP

    98304:Bad5nas3EYw/f9GgJ+JeCgTMowUK0S5TsF4GiA6Dop:IukfeKolKrqfp

Malware Config

Targets

    • Target

      1028c1373ab4ceb8b9a0db705f21ec28fd3e0878f6f1dc0b32c0c74e482606b9

    • Size

      4.1MB

    • MD5

      45a9fc831b63bfed5770202e6bd4d464

    • SHA1

      115a4b67e219678db1c0d1a4b2e39203efed3c19

    • SHA256

      1028c1373ab4ceb8b9a0db705f21ec28fd3e0878f6f1dc0b32c0c74e482606b9

    • SHA512

      ba80b9a8c89e3f642cd1e5217a01e5fd5b29c3b57a90a5143b6ec7316a5d5235b5ce2a35c9a105d3646c158ff122f548da7d598baaacacc2b26e04155fe3074c

    • SSDEEP

      98304:Bad5nas3EYw/f9GgJ+JeCgTMowUK0S5TsF4GiA6Dop:IukfeKolKrqfp

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks