General

  • Target

    74405e9c78c0d0af77e7126524eef5bfd9739e1b422905b0426d527a2ae0981f

  • Size

    4.1MB

  • Sample

    240406-1c3bysbe31

  • MD5

    5c4afbf52036fcb9868c4732fdc6356c

  • SHA1

    318acd7af305b4f7001dbc3847b04fc42bc23c0b

  • SHA256

    74405e9c78c0d0af77e7126524eef5bfd9739e1b422905b0426d527a2ae0981f

  • SHA512

    5212a95c6615f5628d8d71dbf968c617624675fac9bc65facb7451604c7e8337047b74e8153ccdff9946a805c2e3363b1844143090a9f663d4e7395c8f05253c

  • SSDEEP

    98304:fZTJtvrSQI+RdfgxNOWs+luvBV3Kjpf8MTPWtsil5m:BVJ5f9clKG+MTut9e

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to the WinMonFS driver to hide directories and files from detection.

    • Drops file in System32 directory
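A host-side check for the behaviours flagged above, added here as an example and not part of the tria.ge report or of any Triage tooling. It verifies a suspect file against the report's SHA256, then looks for the artifacts the signatures describe: Run-key persistence from user-writable paths, the WinMonFS/WinMon driver service and its .sys files, permissive inbound firewall rules pointing at unusual program paths, and executables recently written under System32. The service names `WinMon`/`WinMonFS`, the path heuristics and the 24-hour window are assumptions for illustration, not values taken from the report.

```powershell
# Added triage example (not from the tria.ge report). Run in an elevated PowerShell
# on a host suspected of having executed the sample. Service names, path
# heuristics and the time window below are assumptions, not report data.
param(
  [string]$SuspectFile = 'C:\Users\Public\sample.bin'   # assumed location, adjust as needed
)

# SHA256 taken from the report's General section
$ReportSha256 = '74405e9c78c0d0af77e7126524eef5bfd9739e1b422905b0426d527a2ae0981f'
$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding([string]$Category, [string]$Where, [string]$Detail) {
  $findings.Add([pscustomobject]@{ Category = $Category; Where = $Where; Detail = $Detail })
}

# 0. Confirm the file on disk is the reported sample before drawing conclusions
if (Test-Path $SuspectFile) {
  $h = (Get-FileHash -Algorithm SHA256 -Path $SuspectFile).Hash.ToLower()
  if ($h -eq $ReportSha256) { Add-Finding 'Sample' $SuspectFile 'SHA256 matches tria.ge report' }
  else { Add-Finding 'Sample' $SuspectFile "SHA256 $h does not match report" }
}

# 1. "Adds Run key to start application": flag Run entries launched from writable dirs
$runKeys = @(
  'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
  'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
  'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$suspiciousPath = 'AppData|ProgramData|\\Temp\\|\\Users\\Public'   # assumed heuristic
foreach ($k in $runKeys) {
  if (-not (Test-Path $k)) { continue }
  $props = Get-ItemProperty -Path $k | Select-Object -Property * -ExcludeProperty PS*
  foreach ($p in $props.PSObject.Properties) {
    if ("$($p.Value)" -match $suspiciousPath) { Add-Finding 'RunKey' "$k\$($p.Name)" $p.Value }
  }
}

# 2. "Manipulates WinMonFS driver": look for the rootkit driver service and its files
foreach ($svc in 'WinMon', 'WinMonFS') {            # assumed service names
  $d = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='$svc'" -ErrorAction SilentlyContinue
  if ($d) { Add-Finding 'Driver' $svc "state=$($d.State) path=$($d.PathName)" }
}
Get-ChildItem "$env:SystemRoot\System32\drivers" -Filter 'WinMon*.sys' -ErrorAction SilentlyContinue |
  ForEach-Object { Add-Finding 'DriverFile' $_.FullName ("written " + $_.LastWriteTime) }

# 3. "Modifies Windows Firewall": enabled inbound allow rules for programs in writable dirs
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True -ErrorAction SilentlyContinue |
  ForEach-Object {
    $prog = ($_ | Get-NetFirewallApplicationFilter).Program
    if ($prog -and $prog -match $suspiciousPath) { Add-Finding 'Firewall' $_.DisplayName $prog }
  }

# 4. "Drops file in System32 directory": executables created in the last 24 hours (assumed window)
$cutoff = (Get-Date).AddHours(-24)
Get-ChildItem "$env:SystemRoot\System32\*" -Include *.exe, *.dll, *.sys -ErrorAction SilentlyContinue |
  Where-Object { $_.CreationTime -gt $cutoff } |
  ForEach-Object { Add-Finding 'System32Drop' $_.FullName ("created " + $_.CreationTime) }

$findings | Sort-Object Category | Format-Table -AutoSize
```

Each hit is only an indicator: a legitimate installer can also create Run keys, firewall rules and System32 files, so confirm with process-creation telemetry around the time the sample ran. The driver check is the most specific of the four, since a `WinMonFS` service or `WinMon*.sys` on a host with no such product has no benign explanation; if it is present, inspect the hidden paths from a clean boot medium rather than from the live system, because the point of the driver is to filter what the live system reports.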

MITRE ATT&CK Enterprise v15

Tasks