Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    37dda02a5b4213446dba7761990d4e88b862485797952201ee79eff1bdac283a

  • Size

    4.2MB

  • Sample

    240504-nzmtkafh57

  • MD5

    1aa29d938417519306f2cc39fac09ef1

  • SHA1

    ba0ce7f5d235870b8a6f0155fff64d4206012b77

  • SHA256

    37dda02a5b4213446dba7761990d4e88b862485797952201ee79eff1bdac283a

  • SHA512

    3db6cf81dc573bcc8a3bd19d28c6b96908fb5a0cffccb112f6626277a637462b48532202f00bfbb35e7032cf60eda5a386c3be907023df90169ae9ed1d4f122b

  • SSDEEP

    98304:5Fm33nTRQYXLAJmF7JMhpwIV/CevqNafpDPjSEtx+w/pLn:8dAuJMhpXpCevqOr2EtxJ/Nn

Malware Config

Targets

    • Target

      37dda02a5b4213446dba7761990d4e88b862485797952201ee79eff1bdac283a

    • Size

      4.2MB

    • MD5

      1aa29d938417519306f2cc39fac09ef1

    • SHA1

      ba0ce7f5d235870b8a6f0155fff64d4206012b77

    • SHA256

      37dda02a5b4213446dba7761990d4e88b862485797952201ee79eff1bdac283a

    • SHA512

      3db6cf81dc573bcc8a3bd19d28c6b96908fb5a0cffccb112f6626277a637462b48532202f00bfbb35e7032cf60eda5a386c3be907023df90169ae9ed1d4f122b

    • SSDEEP

      98304:5Fm33nTRQYXLAJmF7JMhpwIV/CevqNafpDPjSEtx+w/pLn:8dAuJMhpXpCevqOr2EtxJ/Nn

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Roottkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks