General

  • Target

    52f474be8c7415fdb6d8f7a4908df3c169a137855687224dea07bf58c8b2abf7

  • Size

    4.1MB

  • Sample

    240508-p4v66sfh72

  • MD5

    014b2f2d82c0356a825d10afe67fdee6

  • SHA1

    ab469a5dba27b90e0b14b6fd57d49bd7fce3cbde

  • SHA256

    52f474be8c7415fdb6d8f7a4908df3c169a137855687224dea07bf58c8b2abf7

  • SHA512

    62e2d670e04ffa925b506c0a4d12bfb04d7cc892fc9333a500c246e9567e72b0411f2263839128d764b23500b2f12e8f6480252c5ceda8956ee360f6bddf5a77

  • SSDEEP

    98304:E5XFTlMyMZVAWF8SeH6tiBW2iadSy01pM0vGwbSOXmAlvl:UlM/Z/sBW2vMzM6G+VHvl

Targets

    • Target

      52f474be8c7415fdb6d8f7a4908df3c169a137855687224dea07bf58c8b2abf7

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory
