General

  • Target

    9c281bf508dfd714269ecc5974980f8c9e0efe16f83b8e1332e8b550a4f8c59a

  • Size

    4.2MB

  • Sample

    240406-qj7vxabb7v

  • MD5

    e11814d3050c19c78869110e0a75efba

  • SHA1

    1aa8ef86ea3a347fe3d1a8eb9afa29dfe8717bdb

  • SHA256

    9c281bf508dfd714269ecc5974980f8c9e0efe16f83b8e1332e8b550a4f8c59a

  • SHA512

    78880f26ddd638fc19ab9bd7e32ea0ffac0fe01de9854806ba174a15198c020af736c4a18791defb31782d3ec5b67f747e4a3456eb196c1668d874c40dfb9211

  • SSDEEP

    98304:E2WkpxOBzrk5qjLCQZfkIPAIpyMRpP26xj6EOgi:9Lg2A3CyMIPAqjZNROZ

Malware Config

Targets

    • Target

      9c281bf508dfd714269ecc5974980f8c9e0efe16f83b8e1332e8b550a4f8c59a

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks