Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
73d93bc44558c1651e92fdda2aa03f3c6a8b8fcf37552305420703439272c96a
-
Size
4.2MB
-
Sample
230829-ltn4bsbg36
-
MD5
2b8e7dc4c905490c6fe86bb883ca139b
-
SHA1
c530971180d0513b3e36d909037b9334192b16c5
-
SHA256
73d93bc44558c1651e92fdda2aa03f3c6a8b8fcf37552305420703439272c96a
-
SHA512
7bb88f12fa5b1f440458ca3269a4b58fafae179ab996ec7720308e782448a12bf24ce88c0e46a852a95f59d7afc75678f6e6b2ad3cb5d8e9f3ac5c4939bde860
-
SSDEEP
98304:j+puVteKx1pqKSkGnKQ1oMsooX5Xl4ul66+0kj5K:ipuVtNHZHxXl4mB
Malware Config
Targets
-
-
Target
73d93bc44558c1651e92fdda2aa03f3c6a8b8fcf37552305420703439272c96a
-
Size
4.2MB
-
MD5
2b8e7dc4c905490c6fe86bb883ca139b
-
SHA1
c530971180d0513b3e36d909037b9334192b16c5
-
SHA256
73d93bc44558c1651e92fdda2aa03f3c6a8b8fcf37552305420703439272c96a
-
SHA512
7bb88f12fa5b1f440458ca3269a4b58fafae179ab996ec7720308e782448a12bf24ce88c0e46a852a95f59d7afc75678f6e6b2ad3cb5d8e9f3ac5c4939bde860
-
SSDEEP
98304:j+puVteKx1pqKSkGnKQ1oMsooX5Xl4ul66+0kj5K:ipuVtNHZHxXl4mB
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Manipulates WinMonFS driver.
Roottkits write to WinMonFS to hide directories/files from being detected.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1