Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

goodbyedpi...le.cmd

windows7-x64

8

goodbyedpi...le.cmd

windows10-2004-x64

8

goodbyedpi...st.cmd

windows7-x64

1

goodbyedpi...st.cmd

windows10-2004-x64

1

goodbyedpi...BE.cmd

windows7-x64

1

goodbyedpi...BE.cmd

windows10-2004-x64

1

goodbyedpi...LT.cmd

windows7-x64

1

goodbyedpi...LT.cmd

windows10-2004-x64

1

goodbyedpi...ir.cmd

windows7-x64

1

goodbyedpi...ir.cmd

windows10-2004-x64

1

goodbyedpi...ry.cmd

windows7-x64

1

goodbyedpi...ry.cmd

windows10-2004-x64

1

goodbyedpi...ir.cmd

windows7-x64

1

goodbyedpi...ir.cmd

windows10-2004-x64

1

goodbyedpi...st.cmd

windows7-x64

1

goodbyedpi...st.cmd

windows10-2004-x64

1

goodbyedpi...BE.cmd

windows7-x64

1

goodbyedpi...BE.cmd

windows10-2004-x64

1

goodbyedpi...LT.cmd

windows7-x64

1

goodbyedpi...LT.cmd

windows10-2004-x64

1

goodbyedpi...ir.cmd

windows7-x64

1

goodbyedpi...ir.cmd

windows10-2004-x64

1

goodbyedpi...ve.cmd

windows7-x64

1

goodbyedpi...ve.cmd

windows10-2004-x64

1

goodbyedpi...rt.dll

windows7-x64

3

goodbyedpi...rt.dll

windows10-2004-x64

3

goodbyedpi...32.sys

windows10-2004-x64

1

goodbyedpi...64.sys

windows10-2004-x64

1

goodbyedpi...pi.exe

windows7-x64

1

goodbyedpi...pi.exe

windows10-2004-x64

3

goodbyedpi...rt.dll

windows7-x64

1

goodbyedpi...rt.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    goodbyedpi-0.2.3rc3-2.zip

  • Size

    1.0MB

  • Sample

    240915-kzmxsawemk

  • MD5

    55d4ce5319b22fd3e034d0eaad96c770

  • SHA1

    f432fa8cbf4eb4c83021be5bb8fc4881044e7f81

  • SHA256

    37f96b32d050dadcc930a639eba68e1ccd57ed5c04a5f77dfca908f01905a4c5

  • SHA512

    16b99e5354dee688b93aa12ad72cfe8898f3ab88998b9539196d04acf7f16d9ca68217b51a011d3d421eed7ea0f66e35d5f0ccb2399a549fbdac93c7a6c862ee

  • SSDEEP

    24576:ay6piXSJ+HX8RFJF45pRVMj/qcSlw6n3fKDz+fBt+1fu:acQT2XKHSG+PE+JAJu

Score
8/10
discoverydropper

Malware Config

Targets

    • Target

      goodbyedpi-0.2.3rc3-2/0_russia_update_blacklist_file.cmd

    • Size

      130B

    • MD5

      a6af4b081a4cbcd448759306b2366eac

    • SHA1

      0d1d887413e074b0991b5be0ca296f18053502c0

    • SHA256

      d9d7c57c7dedb3a4e6566ddd7623758f53986a2c34e0cd3784b84f7f881a01c4

    • SHA512

      f406b865f4bbe08181f1c1f239f198bab03b5b681174323b78f0b3c1790a1e177473a89ee566dac906c08d044fb0eb9a48991cf773222d378f469bd4941af62f

    Score
    8/10
    dropper
    behavioral1behavioral2

    • Target

      goodbyedpi-0.2.3rc3-2/1_russia_blacklist.cmd

    • Size

      274B

    • MD5

      76763259e528cd27e998fb4c665c2b78

    • SHA1

      f2b6e15dca04c54ace2aefc4bc72656dc7550cab

    • SHA256

      69c8b67fafbca446ce5302e97f9947191ecb84d2a51eae61d4955dc3e2147da0

    • SHA512

      69d35fb64ab4cee901b7ecc9baac437cd4dd5e3feb5b006a0fa8c3d52fce8ac9eea5ee68a6dcea01f5386966ac135e85bfba8fc8eecec5d8c70212e795d0dd76

    Score
    1/10
    behavioral3behavioral4

    • Target

      goodbyedpi-0.2.3rc3-2/1_russia_blacklist_YOUTUBE.cmd

    • Size

      420B

    • MD5

      55e68f566514148bcf844524b4e99041

    • SHA1

      8b1d5715cf9a1513b6db9d74270b20266c047c9e

    • SHA256

      2712d7700e2f3217e826412a5a773487f08a41451849722ffaa08841b8684496

    • SHA512

      075cd6dbe158028bbc315591c69a9554c80dd50c510457f802e5f4f1b34104eefb1113f165061c21c07fecb70bd0d8e7170a97aa3e08107a98eead2b2f7473f0

    Score
    1/10
    behavioral5behavioral6

    • Target

      goodbyedpi-0.2.3rc3-2/1_russia_blacklist_YOUTUBE_ALT.cmd

    • Size

      427B

    • MD5

      74a8e80f39adfd1ff8836a5c05254f37

    • SHA1

      eb6fdfce93b5d3c2bad5724c97584c0676803bae

    • SHA256

      ffd2fc0fefca6cff2525c92ce5a7e6109a4a9e50756de275b85fbd86bec07760

    • SHA512

      1b74775be3d4d5f14874cf3bce0a45d937d972a7d5f7bd9f84b674baae592e3905ca1295461c723846b42c38e17c0dee2c17334d6f4261a8af1aab0077fa6a83

    Score
    1/10
    behavioral7behavioral8

    • Target

      goodbyedpi-0.2.3rc3-2/1_russia_blacklist_dnsredir.cmd

    • Size

      361B

    • MD5

      06018c5958cddd1d0cf3135762aeb2eb

    • SHA1

      42323a08fc5a9d9b600852cd587f0a7dd914858b

    • SHA256

      472d9bd4f0366bb9478b6cd61302f12bf6cffbed038508a67087250bf610e355

    • SHA512

      c49a4b90e08785401049dc374599404976d9a5e145ed0a034f18615d4b8a4c4cf8adc4b714ed7b68445e66546d9c59a5666846d71e70b7fba600659821f4a4f0

    Score
    1/10
    behavioral10behavioral9

    • Target

      goodbyedpi-0.2.3rc3-2/2_any_country.cmd

    • Size

      204B

    • MD5

      72103c58f2ed536ebc07e19fd00fa2f0

    • SHA1

      cd37e3bfdc4dbeecfd945561b8538e328dcfe2f9

    • SHA256

      17a3d7b8b1e1340f67d3687ce9162199c0a25025941d23954880808403487d07

    • SHA512

      4270dfb825f03d41d5911db8cef7de43c58a0401d84bd72e047da6b9fc6753789c070c9fd61bb0145f70b47026ba70d9d18612fefd1314436998adb354de815b

    Score
    1/10
    behavioral11behavioral12

    • Target

      goodbyedpi-0.2.3rc3-2/2_any_country_dnsredir.cmd

    • Size

      291B

    • MD5

      77048213eb9358ff71f99667dd08034b

    • SHA1

      cb35b4554e96f3a7089c103e911eab58c9369d53

    • SHA256

      e599adb50f219cfbd620a21167b6cfc68e326da50836b5985826e45e88d247fe

    • SHA512

      6af0c1281108ad7d61d61ae98ae84e5ad024fed32dd997e2f053dcb40a1d595cf76310ce36397791e747cad984a341a959fd4eb43d284cfcaf6cf17f7c5f7236

    Score
    1/10
    behavioral13behavioral14

    • Target

      goodbyedpi-0.2.3rc3-2/service_install_russia_blacklist.cmd

    • Size

      660B

    • MD5

      af6dac6686b77dc51203800737f41b75

    • SHA1

      385568a96d92ca8206e45b6cf945b2fa11b29f80

    • SHA256

      4d2068f04436998bdf003c430f7bc28f0d0fc7d48031b8a37983f84bad6374bb

    • SHA512

      ae54f13ec18a71983b598f9f2d38231168b9f7de3238f6f742128331f2957e0a770b9502f2bf1997c8f6a6cb0c4bb90e9f4a8156ac807744141c51f4b0c4c49c

    Score
    1/10
    behavioral15behavioral16

    • Target

      goodbyedpi-0.2.3rc3-2/service_install_russia_blacklist_YOUTUBE.cmd

    • Size

      806B

    • MD5

      ab8e1d24adbba8444d9a1970b594f18f

    • SHA1

      615475706fb8b2bac8e9dbb24ec1048b6c5a71b0

    • SHA256

      1b50fb46b29a8b43cf5df5d34dfa4dc4148ff0c9c695392a8cfce9e360b5ab69

    • SHA512

      e49cdc4babb30e6c3369b1baa713fa4c4b6f9e391ab25d95992583515cdbcc4f5ba3444998060359813bb2a490737518895c4d8a55411eb44614da5734c53232

    Score
    1/10
    behavioral17behavioral18

    • Target

      goodbyedpi-0.2.3rc3-2/service_install_russia_blacklist_YOUTUBE_ALT.cmd

    • Size

      813B

    • MD5

      e9b8f24c9624866d1607c05b6a79a6ec

    • SHA1

      b7dc28788112d3dbdf489418d609a13f9fcf95cc

    • SHA256

      98191c999493a3aa6018550c3dded3b6aa4f2b7c071f8acbf00d3f06c8df13bb

    • SHA512

      35027fff139e666fd53e1f0272ebf9ea0e445f7595a8e5a978e3d76a29a67da9a22b890aa85512ef1df8cdd75a5e365284c22dc6de2cff4471bb40114eb5973d

    Score
    1/10
    behavioral19behavioral20

    • Target

      goodbyedpi-0.2.3rc3-2/service_install_russia_blacklist_dnsredir.cmd

    • Size

      747B

    • MD5

      77b1d63472e67c4368961c463cc1d92c

    • SHA1

      7653fa303944e6f2436ef72ad8a6d11eb6f8b95e

    • SHA256

      450f2b003fb579f897eded1131c9e893afde7b2ebf07b86110449e57ed9a0da8

    • SHA512

      67763f15836d456bd8713533599f2bc6d97d16887fc4078f5c5c36ec0b42beffc267e5eb9396f16aa350ce39a61c57ecc1c82e32068495a74489af68dacc3a31

    Score
    1/10
    behavioral21behavioral22

    • Target

      goodbyedpi-0.2.3rc3-2/service_remove.cmd

    • Size

      309B

    • MD5

      204b35d000d6b29c1102b1d8b6a63dc7

    • SHA1

      94a92cb8ea948b5ebac3b3eea2cb9bcf31f85e20

    • SHA256

      63915b4b09658cdfec4c74923650398d9fc497ae3ce9e68c5592337051d2fb64

    • SHA512

      bb9dfa323938700c562bd68e5c1bb500e39b9f7ece58a3c7284ee0a895b4bd4b2337f693e9593d190a4461d66694ea7ec135e7b83824edce9ff73b7e4d413db7

    Score
    1/10
    behavioral23behavioral24

    • Target

      goodbyedpi-0.2.3rc3-2/x86/WinDivert.dll

    • Size

      42KB

    • MD5

      1cb0efd60883b5637b31bf46c34ae199

    • SHA1

      b91de8d5f072f8c6aabd029d96568effdd5662d9

    • SHA256

      625ffdd95bfabff32d0e8a95beabcd303c01c8bba73b90402d4e84d6e15dd8e5

    • SHA512

      68c7c257b8cd28011f4b9af09b1e4c7b3d69c6f1457ca6f68fe114fcb382e470b87b9c12ca5d6d4aedd27a103a35fac9093c08b288867cceb9621a60ac70a6f7

    • SSDEEP

      768:/BD4bCa+EfZ9+EwleNwYLWKkR9c5s1R2wdRt7JtXwxwprTKkimOyd:/BD4bCofZ8VYwYyKkR9c542wdRQ0TKkV

    Score
    3/10
    discovery
    behavioral25behavioral26

    • Target

      goodbyedpi-0.2.3rc3-2/x86/WinDivert32.sys

    • Size

      75KB

    • MD5

      cd477ee96ff05cacda8ac3c0e9316d7a

    • SHA1

      68da0c17728aa672f140477b3822aefb5810c8b5

    • SHA256

      29ca5ceb59c9c6993a349e82b1fd46078e6f8a302764153ab84fa22e382fcdca

    • SHA512

      27e13504eb291a5324d824360532ca6d19c409022c72f5609ca55f92558388e3f25f1e8d657afd3d1e4f9ea9c082483c954d6f4e89df049e4f732383a04adcad

    • SSDEEP

      1536:tVYIJtdRHzb+uzucD5GYLKYaU6s8BLcHWXizv65Q4:tmidRHzMcDQY/aC8B8gevL4

    Score
    1/10
    behavioral27

    • Target

      goodbyedpi-0.2.3rc3-2/x86/WinDivert64.sys

    • Size

      89KB

    • MD5

      6a33620de63bccaf5e5314ee49cd58fb

    • SHA1

      ac728b339681b2e27099fecc1419821f01d04b34

    • SHA256

      e69b5ba3f0cd6cfb2983e442636e7f0b342b61b15264b0328317d4559c82cf50

    • SHA512

      638d1b8aa4dc0e4ac504f51aaa3ec8375ccc3d69a4d36821f6bb98060b58586007f47966b9d58d222b9f067e12e80755f56559286cbabec8746146acaf24f945

    • SSDEEP

      1536:8ovgCRgYL/h//oJJw5AdPtey2AyWpdsihch9WXi2v6MuO2:84jmJJsKle9A5pdsiqg/vsO2

    Score
    1/10
    behavioral28

    • Target

      goodbyedpi-0.2.3rc3-2/x86/goodbyedpi.exe

    • Size

      98KB

    • MD5

      9c3f16d5a0aff180f9d04ae6c0fe1f28

    • SHA1

      c0febd0e54c2a335ee348233e9555eef4816663e

    • SHA256

      66e202c9fce9e769e2bc791b7fd6f56f21eab59f607f4ed0724e0c68c430dd1f

    • SHA512

      746ccd373f025d95ca4f55cb212ba6b259a6f17d7e2c5807940cc0d1d31ea61c943a6aa4fc91b2ec432ed1d04ffee4b4c3b78db2cdbb474399313bf26f56a4ac

    • SSDEEP

      3072:wjnafjFO9vbnTrjP7HzfLXDvnTr3jP7HzfLXDvbnT/rjI3XLS84mUgIDJO:46RO9vbnTrjP7HzfLXDvnTr3jP7HzfL2

    Score
    3/10
    discovery
    behavioral29behavioral30

    • Target

      goodbyedpi-0.2.3rc3-2/x86_64/WinDivert.dll

    • Size

      46KB

    • MD5

      88e1c19b978436258f7c938013408a8a

    • SHA1

      09b77c8c85757e11667a7b83231598dd67fe0b8b

    • SHA256

      6110bfa44667405179c3e15e12af1b62037e447ed59b054b19042032995e6c7e

    • SHA512

      eaa0d8369b76fd9a4978f14702716ae31d801cd0dc36a86531f9320b4ddb683265c4f0e07af2b9d2e85f513270d98d1b11ae7d501d08287442bc505176d16e14

    • SSDEEP

      768:itSVluu2agCfRSB3QEw2VWHxWYuaO6JXtltdUUwhqWB8TicI:bUZWECHxWDABdIyTic

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

dropper
Score
8/10

behavioral2

dropper
Score
8/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

discovery
Score
3/10

behavioral26

discovery
Score
3/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

discovery
Score
3/10

behavioral31

Score
1/10

behavioral32

Score
1/10