5cf8739b3accf2c3a2dfd281a652f0dd63a33e37450295a581934ee482a112c9 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

Full_Versi...up.exe

windows7-x64

5

Full_Versi...up.exe

windows10-2004-x64

8

Sharing

General

Target

Full_Version.rar
Size

45.0MB
Sample

230305-zlmr7ahd69
MD5

ad0a78113cdcf7f58875102507adab04
SHA1

f0174a25b14d5b1daa970d02f7e067652cac092b
SHA256

5cf8739b3accf2c3a2dfd281a652f0dd63a33e37450295a581934ee482a112c9
SHA512

e42ad266d73898e1ec1a3115963ed1a8a63961f2a08eecbada61c1e6610d25f2ef4cc9714273eb5c3238e69c7db702d3199d7586744c6fdbb3a6ce87ffbf096e
SSDEEP

786432:o1xaq21T/EYZW432uUyM2KKE5ayRRIE+55tGbLh9OmFCabha5BmYIifPxV:H4Y3GuUzKcRRoOLj1rha5sxiXxV

Score

8^/10

discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Full_Version/Sеtup.exe

Resource

win7-20230220-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

Full_Version/Sеtup.exe

Resource

win10v2004-20230220-en

discovery spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  Full_Version/Sеtup.exe
- Size
  
  733.4MB
- MD5
  
  27b1f6e6a22fb3cc7ea8e1eab16768d8
- SHA1
  
  3f459434e3857017225857638597fda71210e170
- SHA256
  
  f3f5d6a9fdcb53246bcc3660e7802199ca1f3bdea88724fcc8f0fda3441cba4c
- SHA512
  
  a31fabf178a4fa9c60f582899296e78fa3832301c881b3969c04634ec00aec172a643ce3518314b403e37ce06bbe7aaca041abe438225ee06c3615efa0659b50
- SSDEEP
  
  393216:gZTPNjdghreKEpUFuTrVUkznVydZ3yRlBhBtKhRMg:aTlYbEjBUkbkbygzMg
Score

8^/10

discovery spyware stealer
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

File and Directory Permissions Modification

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryspywarestealer

© 2018-2025

Terms | Privacy