General
Target: c2766ab84447a67d41077212a98859cbd6d0edcb722b5b6ea9de1cf4b975bc8d
Size: 4.1MB
Sample: 240518-1qvh9saa94
MD5: 730c608ce62f373e03954e39aed8efa7
SHA1: 207aa1e4503fdad62ebcf66cdda3760c32bd5366
SHA256: c2766ab84447a67d41077212a98859cbd6d0edcb722b5b6ea9de1cf4b975bc8d
SHA512: 839a64b07d237228946675ede3d154fc4607c04215cc76697ff2693ed04d0412b7d8f74292fcd8ed6dc1364c8bb344dbd9a96e19edb401847143ec325a96d118
SSDEEP: 98304:psVQ+hudF4keJeyEqK0evsENr9r54Wa5Cc1nHXivY:ps5hioeyE6OsERj43nv
Static task: static1
Behavioral task: behavioral1
Sample: c2766ab84447a67d41077212a98859cbd6d0edcb722b5b6ea9de1cf4b975bc8d.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Glupteba payload
Modifies Windows Firewall
Executes dropped EXE
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1