General

  • Target

    2c25fc2ae56e07885c9917acc5219a86f8b35bbc4005df0efe7beba881445444

  • Size

    4.2MB

  • Sample

    240430-hx5zgafe5x

  • MD5

    f82b4b019287eb16dd8cf7156c72a3f8

  • SHA1

    21d55251bc6cd27b60ecc4660c8d1fc73515967d

  • SHA256

    2c25fc2ae56e07885c9917acc5219a86f8b35bbc4005df0efe7beba881445444

  • SHA512

    4840530f2a567a7d9093d3a5ecb290330096e1e5fcc6378685cfba211e1af0e22724748012f8c5d7cc07da5cb5762783223d2a8846be4aaaca17a58906ed1c5b

  • SSDEEP

    98304:73fclVPVcYr6prpRtwbp/CdqhSf/LSZIrcMLb3J1blMIAMQgOHn5ic:bfwpVWrpC6kSXLXv3PWIg9HnAc

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks