Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
123147ad5ed497715ce45fff48dea06ba86c28f147c51854e93a1e67a78f061b
-
Size
4.2MB
-
Sample
240501-y8839sab53
-
MD5
a562d3a5836d2e1b618371b2bb33ac3b
-
SHA1
37ce3a4ac0a8e4aed73aa1f3aa0c166ca61fa97c
-
SHA256
123147ad5ed497715ce45fff48dea06ba86c28f147c51854e93a1e67a78f061b
-
SHA512
6914c04c0550446b6103cbf46daf4aa7374d0fcfd34da7a4364ab5a21585da09e79479782e99c05b4c75e0a882f5b7a14463da788aa46f6803f72dc9ba052995
-
SSDEEP
98304:Y3CqTUMBmlJjM6s3jr9Mbr6MhNkWtRG2g+3upVYo8Fei:Y9TFBm7Ps3jOrbNzhg+3upVT8Ui
Malware Config
Targets
-
-
Target
123147ad5ed497715ce45fff48dea06ba86c28f147c51854e93a1e67a78f061b
-
Size
4.2MB
-
MD5
a562d3a5836d2e1b618371b2bb33ac3b
-
SHA1
37ce3a4ac0a8e4aed73aa1f3aa0c166ca61fa97c
-
SHA256
123147ad5ed497715ce45fff48dea06ba86c28f147c51854e93a1e67a78f061b
-
SHA512
6914c04c0550446b6103cbf46daf4aa7374d0fcfd34da7a4364ab5a21585da09e79479782e99c05b4c75e0a882f5b7a14463da788aa46f6803f72dc9ba052995
-
SSDEEP
98304:Y3CqTUMBmlJjM6s3jr9Mbr6MhNkWtRG2g+3upVYo8Fei:Y9TFBm7Ps3jOrbNzhg+3upVT8Ui
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Manipulates WinMonFS driver.
Roottkits write to WinMonFS to hide directories/files from being detected.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1