General
- Target: 50aee372e179f9efefd7adb69b05d6c0_NEIKI
- Size: 4.2MB
- Sample: 240507-2c1zkaea83
- MD5: 50aee372e179f9efefd7adb69b05d6c0
- SHA1: 2b5cecfa44e7727608aba54f32b540bed2979e4d
- SHA256: c979a1a7ff273a086bff729130647294c8cfbe45b773bf32713a2054e5e0e17d
- SHA512: 8ab650bcc4821c151caa20bd858dea1b3259d98b7b106c6e84412d9cf43049e79a83704c04d87da3f69d703a39160796fcb85d58d98456272d18c46d3713c64d
- SSDEEP: 98304:haVsjom70ndrBFgOmll6jSga2nxCwdk+mvEBS8KssC:h+uom74drMJBirk+iEw83
Static task: static1
Behavioral task: behavioral1
- Sample: 50aee372e179f9efefd7adb69b05d6c0_NEIKI.exe
- Resource: win7-20240221-en
Malware Config
Targets
- Target: 50aee372e179f9efefd7adb69b05d6c0_NEIKI
- Glupteba payload
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Modifies Windows Firewall
- Possible attempt to disable PatchGuard
  Rootkits can use kernel patching to embed themselves in an operating system.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Scheduled Task/Job (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Scheduled Task/Job (1)