Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
fa8ab65c749caba5d25c9396f466cff056904e782cad64386282eb2f98464c3c
-
Size
4.2MB
-
Sample
230803-s47rradh83
-
MD5
5c8dba8fb13508894f2fb31393b0187e
-
SHA1
6c7ae0190fa6fa7b19cb21940dc5a1e9e49236ca
-
SHA256
fa8ab65c749caba5d25c9396f466cff056904e782cad64386282eb2f98464c3c
-
SHA512
b236c0835a7f6ab236c2abe22dc261ffc24fb1c23a2d8beea978aea4fb9f97bd54412c8c90941c644d70bec83efe8268d72959b67be2ac319f1d8aa9173ca54d
-
SSDEEP
98304:ZHU6+Sn5CsqTqiHVwBaITzpP7PTSvojqwXqjZyh1IBDxW:Z06+IqTqi1wBaOZ7PTEoj/XqwIBD0
Malware Config
Targets
-
-
Target
fa8ab65c749caba5d25c9396f466cff056904e782cad64386282eb2f98464c3c
-
Size
4.2MB
-
MD5
5c8dba8fb13508894f2fb31393b0187e
-
SHA1
6c7ae0190fa6fa7b19cb21940dc5a1e9e49236ca
-
SHA256
fa8ab65c749caba5d25c9396f466cff056904e782cad64386282eb2f98464c3c
-
SHA512
b236c0835a7f6ab236c2abe22dc261ffc24fb1c23a2d8beea978aea4fb9f97bd54412c8c90941c644d70bec83efe8268d72959b67be2ac319f1d8aa9173ca54d
-
SSDEEP
98304:ZHU6+Sn5CsqTqiHVwBaITzpP7PTSvojqwXqjZyh1IBDxW:Z06+IqTqi1wBaOZ7PTEoj/XqwIBD0
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Glupteba payload
-
Windows security bypass
-
Modifies Windows Firewall
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Adds Run key to start application
-
Manipulates WinMonFS driver.
Roottkits write to WinMonFS to hide directories/files from being detected.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1