f4c840cda9f3b31b1e03e21bbeaf2df0770169c202a077b98de6c55d47af7a98 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

winprofile

windows7-x64

9

winprofile

windows10-1703-x64

9

Resubmissions

13/04/2023, 21:53 UTC

230413-1r5qmaee59 9

13/04/2023, 21:20 UTC

230413-z63n5sed27 9

Sharing

General

Target

f4c840cda9f3b31b1e03e21bbeaf2df0770169c202a077b98de6c55d47af7a98
Size

3.2MB
Sample

230413-z63n5sed27
MD5

07b865ac2674ba343256d64f9428b69e
SHA1

98db0095de527acc477bf4fd56d0d7d7eacb2197
SHA256

f4c840cda9f3b31b1e03e21bbeaf2df0770169c202a077b98de6c55d47af7a98
SHA512

c6a81b796d44b3badc853cda8f645c515220a56fcfc4db3d25ac90ca0078cbd4eda861aa9130cb3cdcb90829812db1131d80912faaf8234c4ddaf55ecd2ff06f
SSDEEP

24576:jGyWHkmafiejXKNKHgk7atFawpeqF+mRNZGNYsYHphq36H2a3UMF3yscLrJgwYpi:jrBjKwHhOtHpeE+GNUJ4rq3Od3jo69mF

Score

9^/10

evasion spyware stealer themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f4c840cda9f3b31b1e03e21bbeaf2df0770169c202a077b98de6c55d47af7a98.exe

Resource

win7-20230220-en

evasion spyware stealer themida trojan

windows7-x64

10 signatures

300 seconds

Behavioral task

behavioral2

Sample

f4c840cda9f3b31b1e03e21bbeaf2df0770169c202a077b98de6c55d47af7a98.exe

Resource

win10-20230220-en

evasion spyware stealer themida trojan

windows10-1703-x64

11 signatures

300 seconds

Malware Config

Targets

- Target
  
  f4c840cda9f3b31b1e03e21bbeaf2df0770169c202a077b98de6c55d47af7a98
- Size
  
  3.2MB
- MD5
  
  07b865ac2674ba343256d64f9428b69e
- SHA1
  
  98db0095de527acc477bf4fd56d0d7d7eacb2197
- SHA256
  
  f4c840cda9f3b31b1e03e21bbeaf2df0770169c202a077b98de6c55d47af7a98
- SHA512
  
  c6a81b796d44b3badc853cda8f645c515220a56fcfc4db3d25ac90ca0078cbd4eda861aa9130cb3cdcb90829812db1131d80912faaf8234c4ddaf55ecd2ff06f
- SSDEEP
  
  24576:jGyWHkmafiejXKNKHgk7atFawpeqF+mRNZGNYsYHphq36H2a3UMF3yscLrJgwYpi:jrBjKwHhOtHpeE+GNUJ4rq3Od3jo69mF
Score

9^/10

evasion spyware stealer themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionspywarestealerthemidatrojan

behavioral2

evasionspywarestealerthemidatrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.