Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    6798d098ba258fe66b9a065b894a3e49e96c1d0deb571a88c26db57c9d30c9d5

  • Size

    4.1MB

  • Sample

    240512-hr7wwaha92

  • MD5

    e6e1f03cdd49b6234cc01cf624afc230

  • SHA1

    aa05c9573fd6f8a8c212d85e26f80133dc6996da

  • SHA256

    6798d098ba258fe66b9a065b894a3e49e96c1d0deb571a88c26db57c9d30c9d5

  • SHA512

    37ebf4d6ffc81876f96034b5154097fda3f4cb5a02b1678c9ee1102f8a6d08a668d441afc6eb67b626444a1be12fb3a1910859220c7b2f2bb87d5dcf657fe97e

  • SSDEEP

    98304:MTqhS9Lnz8MmSV7jAB6wVffYAFzc/C0Dla1eCdEfwq9hv7fsfHoqc5/0ndW:jS9LzA0QB3VffYAWClIC+YKgH5cgg

Malware Config

Targets

    • Target

      6798d098ba258fe66b9a065b894a3e49e96c1d0deb571a88c26db57c9d30c9d5

    • Size

      4.1MB

    • MD5

      e6e1f03cdd49b6234cc01cf624afc230

    • SHA1

      aa05c9573fd6f8a8c212d85e26f80133dc6996da

    • SHA256

      6798d098ba258fe66b9a065b894a3e49e96c1d0deb571a88c26db57c9d30c9d5

    • SHA512

      37ebf4d6ffc81876f96034b5154097fda3f4cb5a02b1678c9ee1102f8a6d08a668d441afc6eb67b626444a1be12fb3a1910859220c7b2f2bb87d5dcf657fe97e

    • SSDEEP

      98304:MTqhS9Lnz8MmSV7jAB6wVffYAFzc/C0Dla1eCdEfwq9hv7fsfHoqc5/0ndW:jS9LzA0QB3VffYAWClIC+YKgH5cgg

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Roottkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks