General

  • Target

    0eae141e3e6865653447c492cb1e49c6950a24d3d71a415b5c6c9078d45dc096

  • Size

    4.1MB

  • Sample

    240319-y4zzssee47

  • MD5

    5baf53017b827820a9e9e950b9b3c843

  • SHA1

    8d680bbb3470991b790f871794809651a9a6e1ab

  • SHA256

    0eae141e3e6865653447c492cb1e49c6950a24d3d71a415b5c6c9078d45dc096

  • SHA512

    6245d2c61c95d64ba7fa54f8722b3393e00ea9b8dcb5358998dc4621aac5500e4041dd329af91b2db571ea4e5f7748c8c3f5448a244031b23d35029a40c04276

  • SSDEEP

    98304:IweYpH8a1E/hAvuJrNpMhoVQFJSmaZ4CrqayBIRegw7LnE:IweIN1CXrNKdFJSmauCrqRfLnE

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks