General

  • Target

    bd5037bd769ca09bd5a83686f28f7dd128ac468a098d787d2c1ceef40880c8ac

  • Size

    4.1MB

  • Sample

    240515-lrj2labg2s

  • MD5

    bc37e3869b19ce8b24c6e8c60c0f10ba

  • SHA1

    6cccfd171c6dc9ddb0f324d82591cade3fba3425

  • SHA256

    bd5037bd769ca09bd5a83686f28f7dd128ac468a098d787d2c1ceef40880c8ac

  • SHA512

    39bf128f2e4e0d25af81e7609ad3cfef27d48e24606b572817be4897de8fd612d448fa2b9961e4e826743107d6e6e708c7ade132823414d0f9c5abe100f0759e

  • SSDEEP

    98304:brCNiB8ow0tjGRwMUUAJnC6DPNgwm1X3ykRpk8yR82N6I:brCy8l0I4UGC6Dg3yk88npI

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks