General

  • Target

    ab6d908efb24052793726211fb0b606e81e0b6d793f81f46ef00316b136c85a2

  • Size

    4.1MB

  • Sample

    231113-fyb2nsac32

  • MD5

    b9a59de850cd5b08181274857a3932ff

  • SHA1

    bb45f57dcb40795f53871e8d4e82f35c6b8ada7c

  • SHA256

    ab6d908efb24052793726211fb0b606e81e0b6d793f81f46ef00316b136c85a2

  • SHA512

    e7c318905f9369d765853908b7e1c8769df6606957cccb2bd62a36cf169c43fb7d9ea93958c0525f6c97347c3eb2cd97a4d73e7dd77121be842728acb0262acf

  • SSDEEP

    98304:toqavo8JeDikLz/Ip292aSnBhM8FjWYSzbRzG+/qm1f:toq76Yngva6MJrpzGe9

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory
