Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

Clutt6.6.6.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Clutt6.6.6.exe

  • Size

    4.5MB

  • Sample

    250327-ppp2ls1zd1

  • MD5

    ebe2598356ddaa94e3c507a3bf3fbaaf

  • SHA1

    12fbb71303fbad2d1d6b644d67f3d895ed417ea2

  • SHA256

    bce721a6081d418d0e00bce7dfb5a6b957767b0138690f7e5d642181556b8296

  • SHA512

    e541c1e25c081530b7102445d57c70ceaabb3a719ac895b1322305d3b2e0c6d8cd42dbb231285473a48c8221d94cfd3f9aab431a2aaaf551b55b060d83f87552

  • SSDEEP

    98304:jpwhVUMFFWIV5grw46s655grwrI8FFhnhV:Vw0MFsd6s6P3FTn

Score
10/10
bootkitdefense_evasiondiscoveryexploitpersistence

Malware Config

Targets

    • Target

      Clutt6.6.6.exe

    • Size

      4.5MB

    • MD5

      ebe2598356ddaa94e3c507a3bf3fbaaf

    • SHA1

      12fbb71303fbad2d1d6b644d67f3d895ed417ea2

    • SHA256

      bce721a6081d418d0e00bce7dfb5a6b957767b0138690f7e5d642181556b8296

    • SHA512

      e541c1e25c081530b7102445d57c70ceaabb3a719ac895b1322305d3b2e0c6d8cd42dbb231285473a48c8221d94cfd3f9aab431a2aaaf551b55b060d83f87552

    • SSDEEP

      98304:jpwhVUMFFWIV5grw46s655grwrI8FFhnhV:Vw0MFsd6s6P3FTn

    Score
    10/10
    bootkitdefense_evasiondiscoveryexploitpersistence

    • Modifies WinLogon for persistence

      persistence

    • Disables RegEdit via registry modification

      defense_evasion

    • Disables Task Manager via registry modification

      defense_evasion

    • Possible privilege escalation attempt

      exploit

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Modifies file permissions

      discovery

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks