General

  • Target

    2508c2951285a1739ce3f3bb51266ced8da3b38bf244cd5bc0d21a69280d36bb

  • Size

    4.1MB

  • Sample

    240514-pmh6aafc2w

  • MD5

    b0ad905c9dc82ad025c9897ded2bc15b

  • SHA1

    bda3c29d8a8f45cfcee8ac258415d4e5f2ec8e19

  • SHA256

    2508c2951285a1739ce3f3bb51266ced8da3b38bf244cd5bc0d21a69280d36bb

  • SHA512

    56ee0c317280e69be311e8fd1fc944236b107005bbbb3c2481e6b67517fdbe94a51378e3a216b87063d61593c38e8334bad785a6fcfec13fe24b9904da516d15

  • SSDEEP

    98304:GfV9Xpq/Nr9h7yiBXUeur8+6kv7/RnnOPzZEhs:G7XWr9h7zUnHlnn2ZCs

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks