General
Target: addcd44ed648980e8bed20517c5fddf1dde5da3dac960339f4d049cd974daf5f
Size: 3.5MB
Sample: 231117-bjjqradg9w
MD5: 729d715b863ca0a46cbc7cd7b4cee959
SHA1: cd8391e13ae4452cec778dd3ba1b120030b6d8f6
SHA256: addcd44ed648980e8bed20517c5fddf1dde5da3dac960339f4d049cd974daf5f
SHA512: a7fd6139c5cd2c89e75dbf8efa8b704297d19882dc77b3bd16d74132c3749b5ed9bd3034c4621cf59b7838e12632e529d5a930c8667886e11d96929ccf7bf64f
SSDEEP: 49152:oeYVYlrGvqBpHQgPc4KojRWyHmqSLitYr/YYQSfGRjAwH:HYVQrqa1QgP/3MHitYrQY5c
Static task
static1
Malware Config
Targets
Target: addcd44ed648980e8bed20517c5fddf1dde5da3dac960339f4d049cd974daf5f (3.5MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General above)
- Glupteba payload
- Downloads MZ/PE file
- Checks BIOS information in registry: BIOS vendor and product strings are often read to detect sandbox or virtual-machine environments.
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext: an API commonly used for process hollowing and thread hijacking.
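The four registry- and filesystem-based checks in the list above (BIOS information, location/country code, Uninstall entries, drive roots) can be reproduced as detection rules over a sandbox API trace. The Python below is an added example, not tria.ge's signature code: the tab-separated event format and the sample trace are constructed for illustration, and the registry paths (HKLM\HARDWARE\DESCRIPTION\System\BIOS, HKCU\Control Panel\International\Geo\Nation, the Uninstall key and its WOW6432Node mirror) are the usual locations for each behaviour, assumed here because the report does not name the keys it matched.

```python
import re
from collections import defaultdict

# Signature name -> pattern over a normalised access path.  The registry
# paths are assumptions (the usual location for each behaviour), not paths
# taken from the report.
SIGNATURES = {
    "Checks BIOS information in registry": re.compile(
        r"^HKLM\\HARDWARE\\DESCRIPTION\\SYSTEM\\BIOS(\\|$)"),
    "Checks computer location settings": re.compile(
        r"^HKCU\\CONTROL PANEL\\INTERNATIONAL\\GEO\\NATION$"),
    "Checks installed software on the system": re.compile(
        r"^HKLM\\SOFTWARE\\(WOW6432NODE\\)?MICROSOFT\\WINDOWS\\CURRENTVERSION\\UNINSTALL(\\|$)"),
    # Root of any drive letter other than C:, e.g. "D:\"
    "Enumerates connected drives": re.compile(r"^[ABD-Z]:\\$"),
}

HIVE_ALIASES = {
    "HKEY_LOCAL_MACHINE": "HKLM",
    "HKEY_CURRENT_USER": "HKCU",
    "HKEY_CLASSES_ROOT": "HKCR",
    "HKEY_USERS": "HKU",
}


def normalise(path: str) -> str:
    """Upper-case, backslash-separated path with long hive names shortened."""
    upper = path.strip().replace("/", "\\").upper()
    for long_name, short_name in HIVE_ALIASES.items():
        if upper.startswith(long_name):
            upper = short_name + upper[len(long_name):]
            break
    return upper


def parse_events(text: str) -> list:
    """Parse 'pid<TAB>operation<TAB>path' lines (a constructed trace format)."""
    events = []
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        pid, op, path = parts
        events.append((int(pid), op, normalise(path)))
    return events


def classify(events: list) -> dict:
    """Return {signature name: sorted [(pid, path), ...]} for each rule that fired."""
    hits = defaultdict(set)
    for pid, _op, path in events:
        for name, pattern in SIGNATURES.items():
            if pattern.search(path):
                hits[name].add((pid, path))
    return {name: sorted(paths) for name, paths in hits.items()}


# Constructed sample trace: PID 1234 behaves like the report's target,
# PID 5678 only touches an unrelated Run key and must not trigger anything.
SAMPLE_EVENTS = """\
1234\tRegQueryValue\tHKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemManufacturer
1234\tRegQueryValue\tHKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemProductName
1234\tRegQueryValue\tHKEY_CURRENT_USER\\Control Panel\\International\\Geo\\Nation
1234\tRegEnumKey\tHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall
1234\tRegEnumKey\tHKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall
1234\tQueryDirectory\tD:\\
1234\tQueryDirectory\tE:\\
1234\tCreateFile\tC:\\Users\\Public\\update.exe
5678\tRegQueryValue\tHKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
"""


def report(text: str = SAMPLE_EVENTS) -> dict:
    """Run the rules over a trace and return the fired signatures."""
    return classify(parse_events(text))


if __name__ == "__main__":
    for name, paths in report().items():
        print(f"[{name}]")
        for pid, path in paths:
            print(f"  pid {pid}: {path}")
```

Matching on normalised paths (hive aliases collapsed, case folded) is what keeps the Uninstall rule from missing the WOW6432Node mirror or a trace that logs HKLM rather than HKEY_LOCAL_MACHINE; the drive rule deliberately fires on a single non-C: root read, matching the report's wording, so on a real trace you may want a per-process threshold.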
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (3)
  - Disable or Modify Tools (3)
- Modify Registry (4)