aeb208cb0a41ae6453508c12e2873b0f8079da89c10bf8735e0d2b4d4ead184a | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

aeb208cb0a...4a.exe

windows7-x64

8

aeb208cb0a...4a.exe

windows10-2004-x64

8

Sharing

General

Target

aeb208cb0a41ae6453508c12e2873b0f8079da89c10bf8735e0d2b4d4ead184a
Size

817KB
Sample

221206-yl2qnsha24
MD5

fda22cca531a5955a7bc7302661e020a
SHA1

74bf8f5188f32d9663dc13c72f7a10d280317dfb
SHA256

aeb208cb0a41ae6453508c12e2873b0f8079da89c10bf8735e0d2b4d4ead184a
SHA512

a0d167b0e244766dc08ab076cf88b221301c0cb61bcfaa7f11da86c1b379050179019a3644b3e00ab48e4a09e9eab74cada7153f91dece78b9cc1cd2085b6f2f
SSDEEP

24576:U5ZHwdBltEgsKrp58UThku0SuEU+Y/TEd:UXHw9KgssdD05rTE

Score

8^/10

discovery persistence spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

aeb208cb0a41ae6453508c12e2873b0f8079da89c10bf8735e0d2b4d4ead184a.exe

Resource

win7-20220812-en

discovery persistence spyware stealer upx

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

aeb208cb0a41ae6453508c12e2873b0f8079da89c10bf8735e0d2b4d4ead184a.exe

Resource

win10v2004-20221111-en

discovery persistence spyware stealer upx

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  aeb208cb0a41ae6453508c12e2873b0f8079da89c10bf8735e0d2b4d4ead184a
- Size
  
  817KB
- MD5
  
  fda22cca531a5955a7bc7302661e020a
- SHA1
  
  74bf8f5188f32d9663dc13c72f7a10d280317dfb
- SHA256
  
  aeb208cb0a41ae6453508c12e2873b0f8079da89c10bf8735e0d2b4d4ead184a
- SHA512
  
  a0d167b0e244766dc08ab076cf88b221301c0cb61bcfaa7f11da86c1b379050179019a3644b3e00ab48e4a09e9eab74cada7153f91dece78b9cc1cd2085b6f2f
- SSDEEP
  
  24576:U5ZHwdBltEgsKrp58UThku0SuEU+Y/TEd:UXHw9KgssdD05rTE
Score

8^/10

discovery persistence spyware stealer upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealerupx

behavioral2

discoverypersistencespywarestealerupx

© 2018-2025

Terms | Privacy