General

  • Target

    ab09041c77751d16e2cf747e5da02ae63fa9560f6054b7abff2645e45adfa00c

  • Size

    4.2MB

  • Sample

    240428-k2mpssce4z

  • MD5

    7ee48a244c52d18c314e6bd25354c851

  • SHA1

    68630ca957c62b882c10f221d627f910da4ed622

  • SHA256

    ab09041c77751d16e2cf747e5da02ae63fa9560f6054b7abff2645e45adfa00c

  • SHA512

    58f86b9ea5fd4298c7fc240f7f91ff8e4b0e8f30791cb70457b0409481bec803a79a17043e4a1379c806be7251284e90d00168554c12e7b20b0187f000161a0f

  • SSDEEP

    49152:FJckUcan+/g6qtZ7W5Wul/84VXgUJTm7JMhId3wmg2qSwTtxSn5uLWpyDruLtBI1:fRfD5f1lRJsTZrbotuJBJKZ

Malware Config

Targets

    • Target

      ab09041c77751d16e2cf747e5da02ae63fa9560f6054b7abff2645e45adfa00c

    • Size

      4.2MB

    • MD5

      7ee48a244c52d18c314e6bd25354c851

    • SHA1

      68630ca957c62b882c10f221d627f910da4ed622

    • SHA256

      ab09041c77751d16e2cf747e5da02ae63fa9560f6054b7abff2645e45adfa00c

    • SHA512

      58f86b9ea5fd4298c7fc240f7f91ff8e4b0e8f30791cb70457b0409481bec803a79a17043e4a1379c806be7251284e90d00168554c12e7b20b0187f000161a0f

    • SSDEEP

      49152:FJckUcan+/g6qtZ7W5Wul/84VXgUJTm7JMhId3wmg2qSwTtxSn5uLWpyDruLtBI1:fRfD5f1lRJsTZrbotuJBJKZ

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to the WinMonFS device to hide directories and files from detection.

    • Drops file in System32 directory
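To show how the behavioural signatures listed above can be derived from raw sandbox events, here is an added example (not Triage's own detection logic and not taken from the report): a small rule set run over constructed event lines in a made-up `op argument` format. The event lines, the registry and file paths in them, and the ATT&CK technique IDs are this example's assumptions; the report's ATT&CK section is empty on this page. "Executes dropped EXE" is the one stateful rule, since it needs a file-create event followed by a process-create of the same path.

```python
import re

# Constructed sandbox events, one per line: "<op> <argument>". These are not
# events from the report; paths and values are invented for the example.
EVENTS = [
    r"file_create C:\Users\Admin\AppData\Local\Temp\dropped.exe",
    r"process_create C:\Users\Admin\AppData\Local\Temp\dropped.exe",
    r"reg_set HKLM\Software\Microsoft\Windows\CurrentVersion\Run\updater",
    r"reg_query HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall",
    r'process_create C:\Windows\System32\netsh.exe advfirewall firewall add rule '
    r'name="dropped" dir=in action=allow program="C:\Users\Admin\AppData\Local\Temp\dropped.exe"',
    r"file_write \\.\WinMonFS",
    r"file_create C:\Windows\System32\dropped.dll",
]

# Stateless rules: (signature name as the report prints it, regex over one event line).
RULES = [
    ("Adds Run key to start application",
     re.compile(r"^reg_set\s+HK(LM|CU)\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)),
    ("Checks installed software on the system",
     re.compile(r"^reg_(open|query)\s+HKLM\\Software\\(Wow6432Node\\)?Microsoft\\Windows"
                r"\\CurrentVersion\\Uninstall", re.I)),
    ("Manipulates WinMonFS driver",
     re.compile(r"^file_write\s+\\\\\.\\WinMonFS\b", re.I)),
    ("Modifies Windows Firewall",
     re.compile(r"^process_create\s+.*netsh(\.exe)?\s+advfirewall\s+firewall\s+add\s+rule", re.I)),
    ("Drops file in System32 directory",
     re.compile(r"^file_create\s+C:\\Windows\\System32\\", re.I)),
]

# This example's own mapping to ATT&CK Enterprise technique IDs (assumption; the
# report's ATT&CK section carries no mapping on the page).
ATTACK = {
    "Adds Run key to start application": "T1547.001",
    "Checks installed software on the system": "T1518",
    "Manipulates WinMonFS driver": "T1014",
    "Modifies Windows Firewall": "T1562.004",
}


def match_signatures(events):
    """Return {signature name: [matching event lines]} for every signature that fired."""
    hits = {name: [] for name, _ in RULES}
    hits["Executes dropped EXE"] = []
    dropped = set()                              # paths created earlier in the trace
    for line in events:
        line = line.strip()
        if not line:
            continue
        op, _, arg = line.partition(" ")
        if op == "file_create":
            dropped.add(arg.lower())
        elif op == "process_create":
            # Image path is the first token; paths with spaces are quoted in this format.
            image = arg.split(" ", 1)[0].strip('"').lower()
            if image.endswith(".exe") and image in dropped:
                hits["Executes dropped EXE"].append(line)
        for name, pattern in RULES:
            if pattern.search(line):
                hits[name].append(line)
    return {name: lines for name, lines in hits.items() if lines}


def attack_techniques(hits) -> list:
    """Sorted technique IDs for the signatures that fired, per the ATTACK mapping above."""
    return sorted({ATTACK[name] for name in hits if name in ATTACK})


if __name__ == "__main__":
    fired = match_signatures(EVENTS)
    for name, lines in fired.items():
        print(f"[{ATTACK.get(name, '-'):9}] {name}: {len(lines)} event(s)")
```

Note that the netsh line is a `process_create`, not a `file_create`, so it does not trigger the System32 drop rule even though netsh.exe lives there; real sandbox traces need the same care to keep legitimate System32 binaries out of the "drops file" signature.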

MITRE ATT&CK Enterprise v15

Tasks