Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bad85e17d3c776eb5647c69195cf69a1d7f19f9f701ca0c6b64e60878f113ddc

  • Size

    4.1MB

  • Sample

    230216-xw1qpabc73

  • MD5

    a82a952aa6fd2115c225a0ce3450b865

  • SHA1

    a3fca7ba7c699fdf0ee937ce752e963304944c47

  • SHA256

    bad85e17d3c776eb5647c69195cf69a1d7f19f9f701ca0c6b64e60878f113ddc

  • SHA512

    4b8e839e540aadf186dbd7675da1723f380d369a615b939668c36eb8b27ea42ec99af93aa25fe46681317cdc9d47e5c1d2ca51b12f112c832a5ade6e9bb6fbe7

  • SSDEEP

    98304:JSqZc3lG6PQ9g3Nu8oHz3oTQ4flENBQZlQ/TqYNZXHd:Q8wwpos4tI+l2eYNZt

Score
10/10
gluptebadiscoverydropperevasionloaderpersistence

Malware Config

Targets

    • Target

      bad85e17d3c776eb5647c69195cf69a1d7f19f9f701ca0c6b64e60878f113ddc

    • Size

      4.1MB

    • MD5

      a82a952aa6fd2115c225a0ce3450b865

    • SHA1

      a3fca7ba7c699fdf0ee937ce752e963304944c47

    • SHA256

      bad85e17d3c776eb5647c69195cf69a1d7f19f9f701ca0c6b64e60878f113ddc

    • SHA512

      4b8e839e540aadf186dbd7675da1723f380d369a615b939668c36eb8b27ea42ec99af93aa25fe46681317cdc9d47e5c1d2ca51b12f112c832a5ade6e9bb6fbe7

    • SSDEEP

      98304:JSqZc3lG6PQ9g3Nu8oHz3oTQ4flENBQZlQ/TqYNZXHd:Q8wwpos4tI+l2eYNZt

    Score
    10/10
    gluptebadiscoverydropperevasionloaderpersistence

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

      loaderdropperglupteba

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Modifies Windows Firewall

      evasion

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks