General

  • Target

    c188abb50e6470d9407d37c58967f139130a08b0d4742b7c2a17a66ce8e72994

  • Size

    4.1MB

  • Sample

    240513-znhk9adc8x

  • MD5

    e85c035504448b2ce0b7dea047c2aff2

  • SHA1

    159b5eac78b590b638479ad703dec0bd3177052f

  • SHA256

    c188abb50e6470d9407d37c58967f139130a08b0d4742b7c2a17a66ce8e72994

  • SHA512

    18ae15dc91c09d7a9c1498081384c647b4b43c08bc2fdec9bcb75b1c5dd836ecd7ec1ace8a52adbeafb2904f6200495cc6095699e9587ed3bacdfd8890c4f5ea

  • SSDEEP

    98304:3qpMRaJi3sEqIr6ilJJkay2XIp4ZT71i5GwG4N1PBcavz8ax:3qpMRJcE1nJkaVIp4ZT7zwBrzdx

Malware Config

Targets

    • Target

      c188abb50e6470d9407d37c58967f139130a08b0d4742b7c2a17a66ce8e72994

    • Size

      4.1MB

    • MD5

      e85c035504448b2ce0b7dea047c2aff2

    • SHA1

      159b5eac78b590b638479ad703dec0bd3177052f

    • SHA256

      c188abb50e6470d9407d37c58967f139130a08b0d4742b7c2a17a66ce8e72994

    • SHA512

      18ae15dc91c09d7a9c1498081384c647b4b43c08bc2fdec9bcb75b1c5dd836ecd7ec1ace8a52adbeafb2904f6200495cc6095699e9587ed3bacdfd8890c4f5ea

    • SSDEEP

      98304:3qpMRaJi3sEqIr6ilJJkay2XIp4ZT71i5GwG4N1PBcavz8ax:3qpMRJcE1nJkaVIp4ZT7zwBrzdx

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory
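
The signatures above are sandbox verdicts; on a live host the same behaviours show up as registry writes, process creations and file drops in endpoint telemetry. The following Python is an added example (not part of the tria.ge report or of Glupteba) that maps Sysmon-style events to four of the signatures listed: a Run key write, registration of a WinMonFS service, a Windows Firewall change (either through the FirewallRules registry key or a netsh advfirewall command line) and a file dropped under System32. The field names (type, TargetObject, CommandLine, TargetFilename) follow Sysmon, and the sample events are constructed for illustration, not taken from this run. The "Checks installed software" signature is a registry read, which Sysmon does not log, so it is deliberately not covered.

```python
"""Map host telemetry to the behavioural signatures from the sandbox report.

Added example: the patterns and sample events are assumptions modelled on
Sysmon RegistryEvent (13), ProcessCreate (1) and FileCreate (11) fields.
"""
import re
from dataclasses import dataclass

# Run / RunOnce autostart value under HKLM or HKCU (report: "Adds Run key to start application").
RUN_KEY = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
# Service registration for the WinMonFS driver (report: "Manipulates WinMonFS driver").
WINMONFS_SERVICE = re.compile(
    r"\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\WinMonFS(\\|$)", re.I)
# Persisted firewall rule or a netsh advfirewall invocation (report: "Modifies Windows Firewall").
FIREWALL_RULES = re.compile(
    r"\\SharedAccess\\Parameters\\FirewallPolicy\\FirewallRules\\", re.I)
NETSH_FIREWALL = re.compile(r"\bnetsh(\.exe)?\s+advfirewall\b", re.I)
# Executable content written anywhere under System32 (report: "Drops file in System32 directory").
SYSTEM32_DROP = re.compile(r"^[A-Z]:\\Windows\\System32\\.+\.(exe|dll|sys)$", re.I)


@dataclass(frozen=True)
class Finding:
    signature: str  # signature name exactly as the report lists it
    evidence: str   # the field value that triggered it


def triage_event(ev: dict) -> list[Finding]:
    """Return every report signature a single telemetry event satisfies."""
    out: list[Finding] = []
    kind = ev.get("type")
    if kind == "registry_set":
        target = ev["TargetObject"]
        if RUN_KEY.search(target):
            out.append(Finding("Adds Run key to start application", target))
        if WINMONFS_SERVICE.search(target):
            out.append(Finding("Manipulates WinMonFS driver", target))
        if FIREWALL_RULES.search(target):
            out.append(Finding("Modifies Windows Firewall", target))
    elif kind == "process_create":
        cmd = ev["CommandLine"]
        if NETSH_FIREWALL.search(cmd):
            out.append(Finding("Modifies Windows Firewall", cmd))
    elif kind == "file_create":
        path = ev["TargetFilename"]
        if SYSTEM32_DROP.match(path):
            out.append(Finding("Drops file in System32 directory", path))
    return out


def triage(events: list[dict]) -> list[Finding]:
    """Run triage_event over a whole event stream, preserving order."""
    findings: list[Finding] = []
    for ev in events:
        findings.extend(triage_event(ev))
    return findings


def signatures_hit(events: list[dict]) -> set[str]:
    """The distinct report signatures an event stream reproduces."""
    return {f.signature for f in triage(events)}


# Constructed sample telemetry (assumed, not recorded from the sandbox run).
SAMPLE_EVENTS = [
    {"type": "file_create", "Image": r"C:\Users\user\Desktop\sample.exe",
     "TargetFilename": r"C:\Windows\System32\drivers\WinMonFS.sys"},
    {"type": "registry_set", "Image": r"C:\Users\user\Desktop\sample.exe",
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Services\WinMonFS\ImagePath"},
    {"type": "registry_set", "Image": r"C:\Users\user\Desktop\sample.exe",
     "TargetObject": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\updater"},
    {"type": "process_create", "Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": 'netsh advfirewall firewall add rule name="updater" dir=in '
                    r'action=allow program="C:\Users\user\Desktop\sample.exe"'},
    # Benign noise: an Explorer view setting, which must not trigger anything.
    {"type": "registry_set", "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f.signature:40s} <- {f.evidence}")
```

The regexes match on the Sysmon TargetObject string rather than on a parsed hive path, so the same rules work for HKLM and HKCU and for a specific ControlSet00N as well as CurrentControlSet; the netsh rule is the one most likely to fire first, because the FirewallRules registry write is made by the firewall service rather than by the sample itself.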

MITRE ATT&CK Enterprise v15

Tasks