General

  • Target

    6ed4429d9cfd0d72f4b9573b6e7272e4ab8860d02f8a67ac58b65664a2800520

  • Size

    4.2MB

  • Sample

    240502-xw7t1aeb6t

  • MD5

    dbf361b80e8fa40154f0e862d5c36ad3

  • SHA1

    1abca599c08f2d538cde06ac25f24d3201cffdd9

  • SHA256

    6ed4429d9cfd0d72f4b9573b6e7272e4ab8860d02f8a67ac58b65664a2800520

  • SHA512

    58c8880a7eb07e8ef7da824db394c7f09c8c08c86cba08431cb8083c67c0452f1f975d2435e9f521870a5257916dea6a9fe39a3bccfa69eb04cd2639629c57e0

  • SSDEEP

    98304:DmEjzi/3O52sDSn2sBMneAY2gSm6lbP8XYs3iaeok9nL9:aEjzK3O2Es2eA2Alb4Rybxh

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory
