b269b349109526ca935b85e50e0054ffe0464b17de8d09880ae9e6c6fda029a6 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

4c5bcfc6a3...36.exe

windows7-x64

8

4c5bcfc6a3...36.exe

windows10-2004-x64

8

Sharing

General

Target

4c5bcfc6a3ba65d8330ebf0a58a65fb17dcd68824ac9cb81c7102ce3d7268c36.zip
Size

19.6MB
Sample

230516-1k6dksbg9y
MD5

398ab25459fb2b3555290952780acd41
SHA1

fcc39958c354f3975af24955bea76a778431460d
SHA256

b269b349109526ca935b85e50e0054ffe0464b17de8d09880ae9e6c6fda029a6
SHA512

8dd66445e8195920ec4588ecd94acc0d30549f4d6566dfb308fa504941580a1ad2ef1dc7f05765e41c5565fce57db84907513ebe5225fdb72afa0bad48574e97
SSDEEP

393216:9L2zDeFfsNk3Wh7lM2Mbj/tMbxeQtvWNNY18MUgpIiR1:12zDeFfs63WvM2012eQNWNa8WR1

Score

8^/10

bootkit discovery persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

4c5bcfc6a3ba65d8330ebf0a58a65fb17dcd68824ac9cb81c7102ce3d7268c36.exe

Resource

win7-20230220-en

bootkit discovery persistence spyware stealer

windows7-x64

23 signatures

150 seconds

Behavioral task

behavioral2

Sample

4c5bcfc6a3ba65d8330ebf0a58a65fb17dcd68824ac9cb81c7102ce3d7268c36.exe

Resource

win10v2004-20230220-en

bootkit discovery persistence spyware stealer

windows10-2004-x64

25 signatures

150 seconds

Malware Config

Targets

- Target
  
  4c5bcfc6a3ba65d8330ebf0a58a65fb17dcd68824ac9cb81c7102ce3d7268c36.exe
- Size
  
  19.7MB
- MD5
  
  cc3d934c39b7d11e5b50cefb5c85b602
- SHA1
  
  b051466b718a82b3eedd47c850d8d59aacf40cbf
- SHA256
  
  4c5bcfc6a3ba65d8330ebf0a58a65fb17dcd68824ac9cb81c7102ce3d7268c36
- SHA512
  
  787d648266af21373fcb8796dc275e6ed6100cd109c46143dfcc4bb049ccb503f16bcd22bf8876b3d6a8a446b726809e3318ccd1900cbb34500abf0364df77a8
- SSDEEP
  
  393216:dm62/LAi1NKW2M+fMMBDmEqG/OBpsBZHOES5NQ94CwSpD1qb:dm62/EWMH1fJOES5NQKiPqb
Score

8^/10

bootkit discovery persistence spyware stealer
- Downloads MZ/PE file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Remote System Discovery

Security Software Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistencespywarestealer

behavioral2

bootkitdiscoverypersistencespywarestealer

© 2018-2025

Terms | Privacy