General

  • Target

    db426a4982d5b3de051de8f3ceeef101db1aee2b1d93ed2a1b565b4493b222a1

  • Size

    4.2MB

  • Sample

    240409-jt6l9sdd4x

  • MD5

    0e4bbd7e4994d5673fa4bff0c35d34b4

  • SHA1

    24eb48964d2e2b03002e9767a288fd52bbb8a7b0

  • SHA256

    db426a4982d5b3de051de8f3ceeef101db1aee2b1d93ed2a1b565b4493b222a1

  • SHA512

    fde273456ebfb59b913e3019ec03b1549fc8fd9f6de9f7400d408caada1e44a19b91cbbbf13606658f9e7ddc2d4c7f5fe306fa01f45465cda508fc547be4b494

  • SSDEEP

    98304:nWYTD4CiRAXSuxVnp+h0WN3qbzsOgCkg0/uBam+HdHFr6kg:nWYDyEfm0WN3qbzs94alHdHFC

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks