60218341e1850d8a399e3bf0fcd1e5c5c5bc3f8d313b75e98e93d109eb2fce9f | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

60218341e1...9f.exe

windows7-x64

8

60218341e1...9f.exe

windows10-2004-x64

1

Sharing

General

Target

60218341e1850d8a399e3bf0fcd1e5c5c5bc3f8d313b75e98e93d109eb2fce9f
Size

832KB
Sample

221106-knpbgacch9
MD5

3b76a251038bae7c550a4274d2243500
SHA1

1acb36b30f63d9211353d51f5e0d232a979cfbc0
SHA256

60218341e1850d8a399e3bf0fcd1e5c5c5bc3f8d313b75e98e93d109eb2fce9f
SHA512

52478f5dc737b30bad32e639890beb6cdebf314add2beb06b73a175b12dcbdde22cb4eddf151afc5230d06eec55c06936b425d8c067c81b17733102e7a3fe7ea
SSDEEP

24576:kFNYEP/xom62nbMYRvYnf0UwhFLjvF7O4:kFN3L6ytRvYnczNh

Score

8^/10

discovery persistence spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

60218341e1850d8a399e3bf0fcd1e5c5c5bc3f8d313b75e98e93d109eb2fce9f.exe

Resource

win7-20220812-en

discovery persistence spyware stealer upx

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

60218341e1850d8a399e3bf0fcd1e5c5c5bc3f8d313b75e98e93d109eb2fce9f.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  60218341e1850d8a399e3bf0fcd1e5c5c5bc3f8d313b75e98e93d109eb2fce9f
- Size
  
  832KB
- MD5
  
  3b76a251038bae7c550a4274d2243500
- SHA1
  
  1acb36b30f63d9211353d51f5e0d232a979cfbc0
- SHA256
  
  60218341e1850d8a399e3bf0fcd1e5c5c5bc3f8d313b75e98e93d109eb2fce9f
- SHA512
  
  52478f5dc737b30bad32e639890beb6cdebf314add2beb06b73a175b12dcbdde22cb4eddf151afc5230d06eec55c06936b425d8c067c81b17733102e7a3fe7ea
- SSDEEP
  
  24576:kFNYEP/xom62nbMYRvYnf0UwhFLjvF7O4:kFN3L6ytRvYnczNh
Score

8^/10

discovery persistence spyware stealer upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealerupx

behavioral2

© 2018-2025

Terms | Privacy