General

  • Target

    Kulo Proxy.exe

  • Size

    5.5MB

  • Sample

    240814-xr869syepe

  • MD5

    54e12440f6cf0297e01f7b163ff7b63a

  • SHA1

    74bf40882aefe4cd4580bd075c714f8679ad8652

  • SHA256

    b431ed16767cb8da4350cff864c6eb236b263768199c7b50518b8dda07f8fd35

  • SHA512

    beb92db97661da1709139f46baef4ee97c3950ae345923048bdeaafadd2703a9406f43a12245f8cfce07e88ea29d1e55610c37ca32d6c7185b375aea5fcfb064

  • SSDEEP

    98304:KrIdSnq6IWdXnvYz8t3uYFdgzWk64nTAtS:GMWAc+YFdCXTd

Malware Config

Targets

    • Target

      Kulo Proxy.exe

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as real-time monitoring, Block at First Sight, etc.

    • Detects Eternity stealer

    • Eternity

      Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    • Modifies Windows Defender Real-time Protection settings

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Disables Task Manager via registry modification

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Windows security modification

MITRE ATT&CK Enterprise v15
