Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6b1bbd84c0e2555a864f24eec342830de6993a5292dbd116870aa46d6cd4f88e

  • Size

    4.2MB

  • Sample

    230529-paay5sbf75

  • MD5

    fa5e956ae03f1747e5f7ffcb929f585d

  • SHA1

    c0f9272c42f24c20466d58426df5e31226eb03a4

  • SHA256

    6b1bbd84c0e2555a864f24eec342830de6993a5292dbd116870aa46d6cd4f88e

  • SHA512

    6741261c80fd34d836e8f5d9c7873f671281dfb6f41c7dd3eed2d6d91d912fab2719a6827371e24af8c59ee4da2d09f792a17cebb8125e760e7afad1d40feb32

  • SSDEEP

    98304:Z80kK0psugryfHpgVJBY2uakw158j0FecvtH0hA5Njh1bz8ph:THulJgVJBYMkw100FntUhAXLsph

Score
10/10
gluptebadiscoverydropperevasionloaderpersistencerootkit

Malware Config

Targets

    • Target

      6b1bbd84c0e2555a864f24eec342830de6993a5292dbd116870aa46d6cd4f88e

    • Size

      4.2MB

    • MD5

      fa5e956ae03f1747e5f7ffcb929f585d

    • SHA1

      c0f9272c42f24c20466d58426df5e31226eb03a4

    • SHA256

      6b1bbd84c0e2555a864f24eec342830de6993a5292dbd116870aa46d6cd4f88e

    • SHA512

      6741261c80fd34d836e8f5d9c7873f671281dfb6f41c7dd3eed2d6d91d912fab2719a6827371e24af8c59ee4da2d09f792a17cebb8125e760e7afad1d40feb32

    • SSDEEP

      98304:Z80kK0psugryfHpgVJBY2uakw158j0FecvtH0hA5Njh1bz8ph:THulJgVJBYMkw100FntUhAXLsph

    Score
    10/10
    gluptebadiscoverydropperevasionloaderpersistencerootkit

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

      loaderdropperglupteba

    • Glupteba payload

    • Modifies Windows Firewall

      evasion

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    • Manipulates WinMonFS driver.

      Roottkits write to WinMonFS to hide directories/files from being detected.

      rootkitevasion

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks