Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    7eab7041fc7db3760b71f2dbc4e89fbe8e9f15bb4aa128bad496b2c32c33ef07

  • Size

    4.1MB

  • Sample

    240514-3tsvysef2v

  • MD5

    4c2f6d863d77d9ccbd3a25634ceb6417

  • SHA1

    599cc027c70d9ba7e8ece563d19f230454dc8678

  • SHA256

    7eab7041fc7db3760b71f2dbc4e89fbe8e9f15bb4aa128bad496b2c32c33ef07

  • SHA512

    65d6ccc45ba4dac41d9aba8a6637c0820f6dcce4199155c36ea8a2c3976e5a81fbc1292f7e839b09c78dbfd2dd6618841119374811b4bb85eaaa0c86eecaad47

  • SSDEEP

    98304:NOEQv7p1EKwgW7O4vptwZo6T+WO0dzEY6Kk7ob384km+FfOK:Nr2p15ulARrO0d7kw84IGK

Malware Config

Targets

    • Target

      7eab7041fc7db3760b71f2dbc4e89fbe8e9f15bb4aa128bad496b2c32c33ef07

    • Size

      4.1MB

    • MD5

      4c2f6d863d77d9ccbd3a25634ceb6417

    • SHA1

      599cc027c70d9ba7e8ece563d19f230454dc8678

    • SHA256

      7eab7041fc7db3760b71f2dbc4e89fbe8e9f15bb4aa128bad496b2c32c33ef07

    • SHA512

      65d6ccc45ba4dac41d9aba8a6637c0820f6dcce4199155c36ea8a2c3976e5a81fbc1292f7e839b09c78dbfd2dd6618841119374811b4bb85eaaa0c86eecaad47

    • SSDEEP

      98304:NOEQv7p1EKwgW7O4vptwZo6T+WO0dzEY6Kk7ob384km+FfOK:Nr2p15ulARrO0d7kw84IGK

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Roottkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks