Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
bd8d8e47c6354cf9df12b2ba1646d26c2b0f6e437d97f151cd3db3ae351ead6b
-
Size
4.2MB
-
Sample
230530-fsmk8afd27
-
MD5
7755321df289ea0207234442e98d353d
-
SHA1
f42524b38acde2ca22babfb847ded17745d08252
-
SHA256
bd8d8e47c6354cf9df12b2ba1646d26c2b0f6e437d97f151cd3db3ae351ead6b
-
SHA512
cbaa1230478fde2ea735b33d482800efcdf4262e15e51a7002f1200500aed229c5a2cccf9bc9d04c0961591872555df6ceaff763031f4618b3711c350ff4e560
-
SSDEEP
98304:OEetIp/wDrYhBLw7jCPSQSbSuKLRXxaJCNcYPEKwlzgxt5Y/LrznN5YThq:Us/cr2AKZuTKNxaKcYpLxEzP
Malware Config
Targets
-
-
Target
bd8d8e47c6354cf9df12b2ba1646d26c2b0f6e437d97f151cd3db3ae351ead6b
-
Size
4.2MB
-
MD5
7755321df289ea0207234442e98d353d
-
SHA1
f42524b38acde2ca22babfb847ded17745d08252
-
SHA256
bd8d8e47c6354cf9df12b2ba1646d26c2b0f6e437d97f151cd3db3ae351ead6b
-
SHA512
cbaa1230478fde2ea735b33d482800efcdf4262e15e51a7002f1200500aed229c5a2cccf9bc9d04c0961591872555df6ceaff763031f4618b3711c350ff4e560
-
SSDEEP
98304:OEetIp/wDrYhBLw7jCPSQSbSuKLRXxaJCNcYPEKwlzgxt5Y/LrznN5YThq:Us/cr2AKZuTKNxaKcYpLxEzP
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Glupteba payload
-
Windows security bypass
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Manipulates WinMonFS driver.
Roottkits write to WinMonFS to hide directories/files from being detected.
-
Drops file in System32 directory
-