General

  • Target

    bb1c066034e9560bdc48e29ee48ab48ff349a952dcb48668158cf2605194aaca

  • Size

    4.2MB

  • Sample

    240502-ltwheaec8y

  • MD5

    cc1a7e8229a307ee0c3ef82b5ed2ad33

  • SHA1

    88d979868940fb5029e021e748a6a81a4ee05871

  • SHA256

    bb1c066034e9560bdc48e29ee48ab48ff349a952dcb48668158cf2605194aaca

  • SHA512

    e39b2997d6c5e51755d935e166d8c544b61bc81164b890be16ffe4530a3179796ce3918fb867174c5c1422936c8f10dfcfad8a318374d476284241383eb067bc

  • SSDEEP

    98304:ko4SOxmKXm1EUBFpSwO6ORShajBciTHIW6HgNwCET3CPJ3:ko4SOAKXWEiqwO6OYkjBcjtHrlT3CPJ

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks