Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
e22e0ebd26f2afb469c55e6e235fe92705cf4a70da5debc4d041ec1aed022b53
-
Size
4.2MB
-
Sample
240426-pssxnsce3v
-
MD5
e4e9f1a48f7aab6c12ab3553df4195f1
-
SHA1
cf266c0238dac9759d27a7b8d01a0d0af1f16cf8
-
SHA256
e22e0ebd26f2afb469c55e6e235fe92705cf4a70da5debc4d041ec1aed022b53
-
SHA512
6864cdca3a60e6f59e7121149b0255fd7c615df76f1e8ad9a92badd2454c44dac43576b59b390637a6831b22a0b5f2f0e0cbcea66e1359fb2a46b156c72ef24f
-
SSDEEP
98304:GoYeyy8kHe78wPlePBdIBkk7XHCPR9lUiyPcb7obt3hLJPXS:lYed8id2le5CV69lULPddS
Malware Config
Targets
-
-
Target
e22e0ebd26f2afb469c55e6e235fe92705cf4a70da5debc4d041ec1aed022b53
-
Size
4.2MB
-
MD5
e4e9f1a48f7aab6c12ab3553df4195f1
-
SHA1
cf266c0238dac9759d27a7b8d01a0d0af1f16cf8
-
SHA256
e22e0ebd26f2afb469c55e6e235fe92705cf4a70da5debc4d041ec1aed022b53
-
SHA512
6864cdca3a60e6f59e7121149b0255fd7c615df76f1e8ad9a92badd2454c44dac43576b59b390637a6831b22a0b5f2f0e0cbcea66e1359fb2a46b156c72ef24f
-
SSDEEP
98304:GoYeyy8kHe78wPlePBdIBkk7XHCPR9lUiyPcb7obt3hLJPXS:lYed8id2le5CV69lULPddS
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Manipulates WinMonFS driver.
Roottkits write to WinMonFS to hide directories/files from being detected.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1