General

  • Target

    72f01fd34346b13de7f79371918dc61b8503b685a717e95a9e32662515940a80

  • Size

    4.1MB

  • Sample

    240425-x1nlxsdg82

  • MD5

    84593ad6f91078e2b257b80a7878f124

  • SHA1

    0f4b30414c725598117e38b4f2863d79530b89c7

  • SHA256

    72f01fd34346b13de7f79371918dc61b8503b685a717e95a9e32662515940a80

  • SHA512

    7cba986b097c42f3c9b5702132a159ca4771803bf81bbd7c3361009c2539a500ebd7a83ad96e9d00e28b89610068ad5801ad791643af75baf55b2b97c128d2d7

  • SSDEEP

    98304:76iTZ4kfg452+1ymkJVCeDBCBxmGqwqRrEfoUjZy6nFMEWaGv167KvyfiuU:7pTamgkhkCDLmGqEnZypEWjw7K9f

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks