00490e7012d6bde58cab3917eb99311998aca96d0e20ad7c59d7b105bbf0d7dc | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

FileZilla_...ed.exe

windows10-2004-x64

7

Sharing

General

Target

FileZilla_3.34.0_win64-setup_bundled.exe.7z
Size

8.5MB
Sample

230517-wk6xwsga58
MD5

044eb39dea066c310e29fbd0baab32bb
SHA1

e2cf4244ca03027b28cf88e7d1661faaf93999be
SHA256

00490e7012d6bde58cab3917eb99311998aca96d0e20ad7c59d7b105bbf0d7dc
SHA512

337f23bb3c7bf36a46389aa7d6c2481dcc245a2ae37919344cfe3cca0f6fb04d602eb0646cf448964696042ab4643e10ff2ef4203de69ec04e3b9643fb0eac7c
SSDEEP

196608:+t12KEnaAGIHKlV89TjYFxIB/lY4v4eP/3f7CdyLy7OV/83Z4ctGZXU:QwZHFC81jYF2B/lP4sPf7CAu7OVU3ycu

Score

7^/10

discovery evasion persistence spyware stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

FileZilla_3.34.0_win64-setup_bundled.exe

Resource

win10v2004-20230220-en

discovery evasion persistence spyware stealer trojan upx

windows10-2004-x64

19 signatures

600 seconds

Malware Config

Targets

- Target
  
  FileZilla_3.34.0_win64-setup_bundled.exe
- Size
  
  8.5MB
- MD5
  
  5bed324d68ab49f86590bcfb1b1ba69d
- SHA1
  
  7f356de06621b96795efe03be0569cf0475baa74
- SHA256
  
  3129fd5421c1a71c0673f4cae5349b4a98d4e93da9c41ace1bcacdc9ebf9c0ff
- SHA512
  
  a45473a16f271755fe53110108d6ac67c5f22a07c9e74e15344ed6926c1cf83131d975ff90d46d68b407dc16a396f48411cc077cb7ab57bf3589c7cfcb9f959e
- SSDEEP
  
  196608:4XBTE6e9APaebTAQ/KTKQCtSIetELdlvWDmhd7zFgq9fTJ6ih:4XBTEX95cT1/EStcGnvWYFg+Ph
Score

7^/10

discovery evasion persistence spyware stealer trojan upx
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Registers COM server for autorun
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojanupx

© 2018-2025

Terms | Privacy