
General

  • Target

    61128d9ff76814b4139532da804afcdc8f5c25287ed1355d4e41292fb1030261

  • Size

    4.2MB

  • Sample

    240416-fcynjshf68

  • MD5

    76d61afb80a40610abb6be4743da36b0

  • SHA1

    9e36f83eb6dc2ff9a8eaa98a8d917c481fa1bd60

  • SHA256

    61128d9ff76814b4139532da804afcdc8f5c25287ed1355d4e41292fb1030261

  • SHA512

    2bb0dc8c88a2189a9596115be57d86e020fe1f311b69501d240e13c1c317443f7c0a91d894380081074e2b36b836bb53fa8f704693dae26eb4bd8a938af86a2f

  • SSDEEP

    98304:4Wosr6t4LHmfag6c9nQ74cnnl3mt05Nf1uD8PcPoGg8fL:4WoV4LHbwQDl2GaDV1g8z

Malware Config

Targets

    • Target

      61128d9ff76814b4139532da804afcdc8f5c25287ed1355d4e41292fb1030261

    • Size

      4.2MB

    • MD5

      76d61afb80a40610abb6be4743da36b0

    • SHA1

      9e36f83eb6dc2ff9a8eaa98a8d917c481fa1bd60

    • SHA256

      61128d9ff76814b4139532da804afcdc8f5c25287ed1355d4e41292fb1030261

    • SHA512

      2bb0dc8c88a2189a9596115be57d86e020fe1f311b69501d240e13c1c317443f7c0a91d894380081074e2b36b836bb53fa8f704693dae26eb4bd8a938af86a2f

    • SSDEEP

      98304:4Wosr6t4LHmfag6c9nQ74cnnl3mt05Nf1uD8PcPoGg8fL:4WoV4LHbwQDl2GaDV1g8z

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks