General

  • Target

    7a4a718b11ad4523aae0c76ec5d063e4d415fbf0712e339e02f01699419f69a0

  • Size

    4.1MB

  • Sample

    240519-b6ckyscb58

  • MD5

    440f5f58d8ed0b741e01ed9a54855bd5

  • SHA1

    10363db3d07ecdd9e0aa04ab75a0a6e860170913

  • SHA256

    7a4a718b11ad4523aae0c76ec5d063e4d415fbf0712e339e02f01699419f69a0

  • SHA512

    c0c6bc6c8fa12014b12b85b6e5adbaee68f8814c99b168c5972d2a6216dd4bf55db414bd545dcc4b77f84347bfab286b165eebad7be5e82ca1cd667e004226a3

  • SSDEEP

    98304:KQGLdTw13YmTlGi/xMFRAVNS6wnhY59m5e0z8345T:KLpT0YNaxn5wu5s59YC

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks