typhon | b942051bc7005005adb60a5dae192214608a85ce473506ccaae10c3d23f851bc | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

typhon.exe

windows7-x64

typhon.exe

windows10-2004-x64

Sharing

General

Target

5307261fb71d0f4573c96c30cb96b662.bin
Size

2.2MB
Sample

230423-bye14sbf8s
MD5

5307261fb71d0f4573c96c30cb96b662
SHA1

bb6b371bdb35c7cf78e1f82269798a6f243a45c4
SHA256

b942051bc7005005adb60a5dae192214608a85ce473506ccaae10c3d23f851bc
SHA512

0833c88d47e46fc80e09430cf8cb7686c47e97835774cbeacf34e7cdad7cfdd7dede7f04df2706511a7f0f7e5675b1c54c4b265de72f909b64ee4f3da715d4c3
SSDEEP

49152:Ya2Ggkb77+LXclbiBclGRc/TnJtHxGaB0cqvYdanlE6Vv2:J2GfWLMMBc0W/TJtHRfqLlNV+

Score

10^/10

typhon spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

typhon.exe

Resource

win7-20230220-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

typhon.exe

Resource

win10v2004-20230220-en

typhon spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  typhon.exe
- Size
  
  2.3MB
- MD5
  
  d1d84c844681fe3c672a713c1a3bf52c
- SHA1
  
  099ec412993603c50ec87fd27c2315bd87b6fe7e
- SHA256
  
  a12933ab47993f5b6d09bec935163c7f077576a8b7b8362e397fe4f1ce4e791c
- SHA512
  
  3ee33d27c03f4b1e9977ea8b8905ec070cfc74adf4327dbb81923c2fa2df412d5f9d08b1d7e49c54ccf6333728a8e3c2ae278b79a214bb662854f8019dee25d0
- SSDEEP
  
  49152:8UbowEOvygS7/1sHOqJ02nTPFdRPqxMai2TBmCs2Odw+W7SC:8Ucwti78OqJ7TPB2Tc2Ou
Score

10^/10

typhon stealer spyware
- Detects Typhon stealer
  stealer
- Typhon
  Typhon is a modular stealer written in C#.
  stealer typhon
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

typhonspywarestealer

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.