General

  • Target

    76bcf371b6bab38146c145744f9b9c11dc2bfb14ee70cf665fb42657761f792d

  • Size

    4.1MB

  • Sample

    240406-1c4j1scc37

  • MD5

    3d9e4d009bc647b5cff137a75361be07

  • SHA1

    fc26f9c9196cf8bacb5424fdcd1ad57909cd32c3

  • SHA256

    76bcf371b6bab38146c145744f9b9c11dc2bfb14ee70cf665fb42657761f792d

  • SHA512

    6d6ef09098065277be07ab203dadf75516282b219cb862aaef4b70f13d906b8b7d93f15688630e8e55ec6eb081736bdb8d9fda3105eeb1f2e98254bd1e0ef1b6

  • SSDEEP

    98304:XZTJtvrSQI+RdfgxNOWs+luvBV3Kjpf8MTPWtsil5V:JVJ5f9clKG+MTut9d

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks