General

  • Target

    06947984cb9cb315f66de32672d14afed56539fff4cebe80db0900b35c1217db

  • Size

    4.1MB

  • Sample

    240406-1cpe4abe2z

  • MD5

    54e7c261b1362ee9417914dd7a6e9aa7

  • SHA1

    aea057012747d7fa4a4b29382d14463c9854c101

  • SHA256

    06947984cb9cb315f66de32672d14afed56539fff4cebe80db0900b35c1217db

  • SHA512

    05b07da0bbb5b5c1628018ca55a0b7e9ff4a61b184f3d42253183c629f98259aaf2b05204261434b8b1639ee2cf285279bb8ee45ea3f94df38d70c88af090339

  • SSDEEP

    98304:/ZTJtvrSQI+RdfgxNOWs+luvBV3Kjpf8MTPWtsil5g:hVJ5f9clKG+MTut9I

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks