General

  • Target

    046c045dedd8b19fcd73a195279ee98323111868424d06f026a94c54f1d09c59

  • Size

    4.2MB

  • Sample

    240409-t39qdsce38

  • MD5

    77a31150a6ccc1ed7e58453a12e0de4d

  • SHA1

    e8607a714ba825bacc331d0929b7bb31149be2e2

  • SHA256

    046c045dedd8b19fcd73a195279ee98323111868424d06f026a94c54f1d09c59

  • SHA512

    86e96f6492f0b90468b3fee338295a51e384928479c3ffb55dc807658ea421b1284736c3aeb894f3045a794f2c54149f0f2480182b09ccfc77e5d7061dc5b1f3

  • SSDEEP

    98304:aq77jqY634qYqqku+lyD9j83bmq6chkYsndCeM49l0PC8vwYt3LS/HhJ:ag7jqGqHumyZj83bqlTnjD0P2G3Iv

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory
