General

  • Target

    76f1dfc5095652b64e15a9ac0c97d104c6d9f5c373ab7286cb43e5b91e284b59

  • Size

    4.1MB

  • Sample

    240514-3tnw1aee9v

  • MD5

    15395dc893d9a0ddb1bafdecd403642a

  • SHA1

    d8b7a47f6e78b5c0c26eaa6062927de4d9a4f50b

  • SHA256

    76f1dfc5095652b64e15a9ac0c97d104c6d9f5c373ab7286cb43e5b91e284b59

  • SHA512

    10dd83c6bc26905c0ef619918c4b9efdf025b5e31923dcf1fa50618ef3db60ce7b90d310f2aa229c42f3ada34226ffefae8c3efa3771955e0765b10af0a6283b

  • SSDEEP

    98304:FOEQv7p1EKwgW7O4vptwZo6T+WO0dzEY6Kk7ob384km+FfOI:Fr2p15ulARrO0d7kw84IGI

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory
