General

  • Target

    6e0448a865712506752bcf5cf1434484c4dd7402f551e12c6db878db2e5368eb

  • Size

    4.1MB

  • Sample

    240406-1czwtsbe3y

  • MD5

    bb6ad3ff7ce58d68e7c19f74484f3e2c

  • SHA1

    9c37e73fdbbe2bfc8a253c275d7b106bc07af6fe

  • SHA256

    6e0448a865712506752bcf5cf1434484c4dd7402f551e12c6db878db2e5368eb

  • SHA512

    c518b6a9858c9dd3ad137e586d44a165adc8e2b852fccb3e372244945bae056737c3f30d4502fcb0e62711ef08bcea8970bc19940480895a61797ef95aa770f6

  • SSDEEP

    98304:3ZTJtvrSQI+RdfgxNOWs+luvBV3Kjpf8MTPWtsil5l:pVJ5f9clKG+MTut9N

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks