c84a07cb25dc9affdbba7a9bd371c5e0da3d3920fd7470c9d95cbcedd9f31396 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

dridex

windows10-1703-x64

Sharing

General

Target

c84a07cb25dc9affdbba7a9bd371c5e0da3d3920fd7470c9d95cbcedd9f31396
Size

599KB
Sample

230504-qfkaface85
MD5

43b5c43fb2efd3cc59ffbdd497f348be
SHA1

ac3dd4a7ee78ff570f3d35ebbe9e04ec53833a2e
SHA256

c84a07cb25dc9affdbba7a9bd371c5e0da3d3920fd7470c9d95cbcedd9f31396
SHA512

a53d0c75dbeff89fc069b4090e5a8e4da923c333a7673018a3e4869efc7764e956ad28ff4f5db3eb52147d61f2d3eba3376652e9ebd29cb204246aed6befd86b
SSDEEP

12288:OMr8y90V2OFBATFiKTBooX1IfCuspKLpM1l6FMdPWw2VgkpMmbou:myi3FBKkDgafAKLpyl+Vzdbd

Score

10^/10

discovery evasion persistence spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c84a07cb25dc9affdbba7a9bd371c5e0da3d3920fd7470c9d95cbcedd9f31396.exe

Resource

win10-20230220-en

discovery evasion persistence spyware stealer trojan

windows10-1703-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  c84a07cb25dc9affdbba7a9bd371c5e0da3d3920fd7470c9d95cbcedd9f31396
- Size
  
  599KB
- MD5
  
  43b5c43fb2efd3cc59ffbdd497f348be
- SHA1
  
  ac3dd4a7ee78ff570f3d35ebbe9e04ec53833a2e
- SHA256
  
  c84a07cb25dc9affdbba7a9bd371c5e0da3d3920fd7470c9d95cbcedd9f31396
- SHA512
  
  a53d0c75dbeff89fc069b4090e5a8e4da923c333a7673018a3e4869efc7764e956ad28ff4f5db3eb52147d61f2d3eba3376652e9ebd29cb204246aed6befd86b
- SSDEEP
  
  12288:OMr8y90V2OFBATFiKTBooX1IfCuspKLpM1l6FMdPWw2VgkpMmbou:myi3FBKkDgafAKLpyl+Vzdbd
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan

© 2018-2025

Terms | Privacy