1cd60650fa3e560d8f7c80d4d059e669e64486bd3ca6daed52d8fdce14d0455b | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

b2.exe

windows7-x64

7

b2.exe

windows10-2004-x64

7

Sharing

General

Target

b2.exe
Size

4.6MB
Sample

230630-n9axraah9s
MD5

2afcac7aaede32980c96fda99c8c8677
SHA1

436e83ce6882e798e5bb6d89a31913285886d3a2
SHA256

1cd60650fa3e560d8f7c80d4d059e669e64486bd3ca6daed52d8fdce14d0455b
SHA512

5ccba16f2b31f1271487729c6d502529fa329d56dc126f080481d567c37c7ed68760c808e7fb6559293c65cf9ea8deca67ba2670a42a806d7e158ce79a513907
SSDEEP

98304:DbcuGWyADhhIab1bvece79p6T215vhx8ovhqg4zi4RWouv60FFS7W:0dyhhIaZNeZy2Lb8Uf4G4EoE6t

Score

7^/10

spyware stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

b2.exe

Resource

win7-20230621-en

spyware stealer upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

b2.exe

Resource

win10v2004-20230621-en

spyware stealer upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  b2.exe
- Size
  
  4.6MB
- MD5
  
  2afcac7aaede32980c96fda99c8c8677
- SHA1
  
  436e83ce6882e798e5bb6d89a31913285886d3a2
- SHA256
  
  1cd60650fa3e560d8f7c80d4d059e669e64486bd3ca6daed52d8fdce14d0455b
- SHA512
  
  5ccba16f2b31f1271487729c6d502529fa329d56dc126f080481d567c37c7ed68760c808e7fb6559293c65cf9ea8deca67ba2670a42a806d7e158ce79a513907
- SSDEEP
  
  98304:DbcuGWyADhhIab1bvece79p6T215vhx8ovhqg4zi4RWouv60FFS7W:0dyhhIaZNeZy2Lb8Uf4G4EoE6t
Score

7^/10

spyware stealer upx
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

spywarestealerupx

behavioral2

spywarestealerupx

© 2018-2025

Terms | Privacy