Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
df6d3650fbe39e8c7bceab747c2e98da8ffc2d9e7e03119ae26970c87ff0da71
-
Size
4.1MB
-
Sample
230817-ffxwesfc82
-
MD5
91bc77b3afea465a26b986bb43ab1d8e
-
SHA1
de57d14a57a05d3f9927941de0528bf495e17b3e
-
SHA256
df6d3650fbe39e8c7bceab747c2e98da8ffc2d9e7e03119ae26970c87ff0da71
-
SHA512
92fbf8c8a28c091ea853e9660897555776436debb5f57b79b6f9bd60cdc54cc02cfde846d02c2f89ac10fab11b2f5c02605de6d1e84ea4b343a83c8ef5da9340
-
SSDEEP
98304:CYVq9fXRniTOgwql/ulYbJHICITpobcbJuN8HouOMQZ2D:O5niIqNuMKTpoRPJ2D
Malware Config
Targets
-
-
Target
df6d3650fbe39e8c7bceab747c2e98da8ffc2d9e7e03119ae26970c87ff0da71
-
Size
4.1MB
-
MD5
91bc77b3afea465a26b986bb43ab1d8e
-
SHA1
de57d14a57a05d3f9927941de0528bf495e17b3e
-
SHA256
df6d3650fbe39e8c7bceab747c2e98da8ffc2d9e7e03119ae26970c87ff0da71
-
SHA512
92fbf8c8a28c091ea853e9660897555776436debb5f57b79b6f9bd60cdc54cc02cfde846d02c2f89ac10fab11b2f5c02605de6d1e84ea4b343a83c8ef5da9340
-
SSDEEP
98304:CYVq9fXRniTOgwql/ulYbJHICITpobcbJuN8HouOMQZ2D:O5niIqNuMKTpoRPJ2D
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Glupteba payload
-
Windows security bypass
-
Modifies Windows Firewall
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Adds Run key to start application
-
Manipulates WinMonFS driver.
Roottkits write to WinMonFS to hide directories/files from being detected.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1