General
-
Target
a1dfed167888eb163ca2133c49c8d9bd1fea8c18b8ddcc95f5d6b88cf825a3aa
-
Size
4.2MB
-
Sample
240502-t99zqseh93
-
MD5
bcce672b9bf60b7d65baed2fec91338c
-
SHA1
de2f487f422d070dffca40be4d6cc338ee375de7
-
SHA256
a1dfed167888eb163ca2133c49c8d9bd1fea8c18b8ddcc95f5d6b88cf825a3aa
-
SHA512
9e336fe670037655e8c9a0b85b1a28334cb68df7ddea1ddf1e5158637ba1a24cd0777ece06da30a9f5b74aa807e0117bcb524ffc887768bb2a18705cd10b5066
-
SSDEEP
98304:RaVsjom70ndrBFgOmll6jSga2nxCwdk+mvEBS8Kssb:R+uom74drMJBirk+iEw8W
Static task
static1
Behavioral task
behavioral1
Sample
a1dfed167888eb163ca2133c49c8d9bd1fea8c18b8ddcc95f5d6b88cf825a3aa.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
a1dfed167888eb163ca2133c49c8d9bd1fea8c18b8ddcc95f5d6b88cf825a3aa
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1