Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
0090cf23254e6c0a2d033bb3f288fb94a7a09016a81e787cd476fe5f71f42037
-
Size
4.1MB
-
Sample
230818-3n5bssfb84
-
MD5
59bad90b34f65664cdb22fa0306c1058
-
SHA1
b623971f4840786bc6492b011944b889bc6e468c
-
SHA256
0090cf23254e6c0a2d033bb3f288fb94a7a09016a81e787cd476fe5f71f42037
-
SHA512
d43bb90f2d8abfa148e2d1c36d396947e1eaeb019baaff582d7e4ad76399ea1ffca4dd9838f6fec24fb434d23c6f4d51a9c29140f37bb0e9e3a3dd7631c27eaa
-
SSDEEP
98304:7LiWUcl5dRYjiauDJtj/YdqcaFILC0tFKknLdeqatqHXx9ypY9W:7Lr/5dRscN2dqcgHVkLdRGqHXvyL
Malware Config
Targets
-
-
Target
0090cf23254e6c0a2d033bb3f288fb94a7a09016a81e787cd476fe5f71f42037
-
Size
4.1MB
-
MD5
59bad90b34f65664cdb22fa0306c1058
-
SHA1
b623971f4840786bc6492b011944b889bc6e468c
-
SHA256
0090cf23254e6c0a2d033bb3f288fb94a7a09016a81e787cd476fe5f71f42037
-
SHA512
d43bb90f2d8abfa148e2d1c36d396947e1eaeb019baaff582d7e4ad76399ea1ffca4dd9838f6fec24fb434d23c6f4d51a9c29140f37bb0e9e3a3dd7631c27eaa
-
SSDEEP
98304:7LiWUcl5dRYjiauDJtj/YdqcaFILC0tFKknLdeqatqHXx9ypY9W:7Lr/5dRscN2dqcgHVkLdRGqHXvyL
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Manipulates WinMonFS driver.
Roottkits write to WinMonFS to hide directories/files from being detected.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1