Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
eeed2a84f7cb7870029b27e7311e97e460a811bd16917af0ff03984bc04c422a
-
Size
4.1MB
-
Sample
230818-fhgxzshb21
-
MD5
63a4b7a75c7f61b0b8e5bcff76ea568f
-
SHA1
f6cc6719abbbd9153c56c8b1003545bbddb8866e
-
SHA256
eeed2a84f7cb7870029b27e7311e97e460a811bd16917af0ff03984bc04c422a
-
SHA512
b5f6267a8f7ff26d098f8478aedb335376ecf505a8f7e40ff5fc8ca1800c453c88ca4919d45b9732ac795192025bd161edbc2189d964b51555a692c8485b2d32
-
SSDEEP
98304:/MsNBclsZXBxG6zVUpkrCaOkTsxJyhxrRx4FuNAnKgoIm5:Us8lsZXu6ypkrCH1yhxrvPezc
Malware Config
Targets
-
-
Target
eeed2a84f7cb7870029b27e7311e97e460a811bd16917af0ff03984bc04c422a
-
Size
4.1MB
-
MD5
63a4b7a75c7f61b0b8e5bcff76ea568f
-
SHA1
f6cc6719abbbd9153c56c8b1003545bbddb8866e
-
SHA256
eeed2a84f7cb7870029b27e7311e97e460a811bd16917af0ff03984bc04c422a
-
SHA512
b5f6267a8f7ff26d098f8478aedb335376ecf505a8f7e40ff5fc8ca1800c453c88ca4919d45b9732ac795192025bd161edbc2189d964b51555a692c8485b2d32
-
SSDEEP
98304:/MsNBclsZXBxG6zVUpkrCaOkTsxJyhxrRx4FuNAnKgoIm5:Us8lsZXu6ypkrCH1yhxrvPezc
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Manipulates WinMonFS driver.
Roottkits write to WinMonFS to hide directories/files from being detected.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1