General

  • Target

    ad2d9feb347ab956dde8b12acd8221a4b16d45f55a586a2d712937316bebb2fc

  • Size

    4.2MB

  • Sample

    240326-apnq8adg7z

  • MD5

    72bff1fb6190a6fad0a4f8c51a6d280c

  • SHA1

    1b69e315ff425f7ab31c47ccb2af07c2edef5c30

  • SHA256

    ad2d9feb347ab956dde8b12acd8221a4b16d45f55a586a2d712937316bebb2fc

  • SHA512

    538a6bc5c9b22f1c23e112040a47c2e715c4f88590410ec9ec072fbb9561ad23219d29c07fbb01ec4b8bacd912b85f5df4a704ac93c1db37562e944af8eb7401

  • SSDEEP

    98304:JFlsFk+Svmz/rIJevFIOB1uuzK8dGilaD2zWWsAao9:hsFk+SvmYJcFHuuO8dBl7IO

Malware Config

Targets

    • Target

      ad2d9feb347ab956dde8b12acd8221a4b16d45f55a586a2d712937316bebb2fc

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks