Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
af34b4cc7052f2676f67626cca7aac26c58bd440275e536e7b07d42c3534acb6
-
Size
4.2MB
-
Sample
231006-pwj4yadf22
-
MD5
54d8a57a27ac6dbb7c5e3788fde180af
-
SHA1
b9245ffd13ada5964927be9c3005dac1a264a6a2
-
SHA256
af34b4cc7052f2676f67626cca7aac26c58bd440275e536e7b07d42c3534acb6
-
SHA512
94bedc322530b418d100df61fc03d647b524065232e1b1a611d67c8865339e24b33a906ae2e2c89a3b9680c3dc786c6d76deb7832dbcd2297ec09e3bb64e980c
-
SSDEEP
98304:N3eqCz2PBKHiRxrRC5cH++3I1lp+ihk0Ue8KZP5FG+JxfUaK7/:xPBKHkX+XQihPUeXBk+z8aW
Malware Config
Targets
-
-
Target
af34b4cc7052f2676f67626cca7aac26c58bd440275e536e7b07d42c3534acb6
-
Size
4.2MB
-
MD5
54d8a57a27ac6dbb7c5e3788fde180af
-
SHA1
b9245ffd13ada5964927be9c3005dac1a264a6a2
-
SHA256
af34b4cc7052f2676f67626cca7aac26c58bd440275e536e7b07d42c3534acb6
-
SHA512
94bedc322530b418d100df61fc03d647b524065232e1b1a611d67c8865339e24b33a906ae2e2c89a3b9680c3dc786c6d76deb7832dbcd2297ec09e3bb64e980c
-
SSDEEP
98304:N3eqCz2PBKHiRxrRC5cH++3I1lp+ihk0Ue8KZP5FG+JxfUaK7/:xPBKHkX+XQihPUeXBk+z8aW
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Manipulates WinMonFS driver.
Roottkits write to WinMonFS to hide directories/files from being detected.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1