General

  • Target

    28e4a736a9983b42e063afff254532385000466b50968f29651fe432450cf5e8

  • Size

    4.1MB

  • Sample

    240425-s8vb8acc33

  • MD5

    31d17088ef03d6c5513fbf7d8cb310f8

  • SHA1

    3fc3147d7ec3850b04a86e096af35a7b5d4fbe64

  • SHA256

    28e4a736a9983b42e063afff254532385000466b50968f29651fe432450cf5e8

  • SHA512

    5fb0ec09b35ce41d427a8ef4a0cfff8c5369ec48678ae3f0dd5745273275182cc4db79ddc386292090ab89bd80f60dcadb11580adb6c36da014d26ef8eed638d

  • SSDEEP

    98304:ixMvDlpZvb8ZK6Pm1OqC68DUZP3t+NAeQDD60jtf0ZJUQwpesMAQ2H/nDr:iOpbkK6P76wCP3t+NMK0jtGJUQwpe8nv

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks