7ffa35a5daa90fa3b85a138f914d708ab133d23d9ac12ee1ae0da48bd9f58399 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

dridex

windows10-2004-x64

Sharing

General

Target

7ffa35a5daa90fa3b85a138f914d708ab133d23d9ac12ee1ae0da48bd9f58399
Size

1.1MB
Sample

230426-ad64esfg2z
MD5

16f64efbbb9967a1e7a576b6620ba8d6
SHA1

0e77fd21e28ae020095a6c539efc15130f0acf83
SHA256

7ffa35a5daa90fa3b85a138f914d708ab133d23d9ac12ee1ae0da48bd9f58399
SHA512

6a4ce6b62251760cb6ac5e4f5d94e16c5e18f1e7016b549ba3844b7c5211563f9a60c495458f62947828f23799a2eb605d365922f4895aff0f13bb816163c308
SSDEEP

12288:Zy904VyUcW3jgK7b87WRBNsph3baHwgtv03ZeZ9FxN2/uEw2i9DyxoNw3LAxHWW+:ZyxVnRmyBo1XgZOSXNZb6Fqj8bsjISe

Score

10^/10

discovery evasion persistence spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

7ffa35a5daa90fa3b85a138f914d708ab133d23d9ac12ee1ae0da48bd9f58399.exe

Resource

win10v2004-20230220-en

discovery evasion persistence spyware stealer trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  7ffa35a5daa90fa3b85a138f914d708ab133d23d9ac12ee1ae0da48bd9f58399
- Size
  
  1.1MB
- MD5
  
  16f64efbbb9967a1e7a576b6620ba8d6
- SHA1
  
  0e77fd21e28ae020095a6c539efc15130f0acf83
- SHA256
  
  7ffa35a5daa90fa3b85a138f914d708ab133d23d9ac12ee1ae0da48bd9f58399
- SHA512
  
  6a4ce6b62251760cb6ac5e4f5d94e16c5e18f1e7016b549ba3844b7c5211563f9a60c495458f62947828f23799a2eb605d365922f4895aff0f13bb816163c308
- SSDEEP
  
  12288:Zy904VyUcW3jgK7b87WRBNsph3baHwgtv03ZeZ9FxN2/uEw2i9DyxoNw3LAxHWW+:ZyxVnRmyBo1XgZOSXNZb6Fqj8bsjISe
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan

© 2018-2025

Terms | Privacy