19774a82c2c0a4d872e60a3fa062c3e44cf4e9f3504e0501112f58437e7654ad | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

main.exe

windows10-2004-x64

Sharing

General

Target

main.exe
Size

82.5MB
Sample

230724-cg2zzshe67
MD5

1e6f75bc5ed093e5c87a8abc9792afa1
SHA1

038a9b3e253a383a1de435b410a1cd2c5037631f
SHA256

19774a82c2c0a4d872e60a3fa062c3e44cf4e9f3504e0501112f58437e7654ad
SHA512

9e34447b98efa11809bfbef37b64be14c20d9aebb0b49899b3e3ffa86e1ce1fb0a5d27a791b9e8a46ebbeae12882404e91214dc2e5957a2f4340d276f0dd4af9
SSDEEP

1572864:h1QtatodMkRCtQkTMT2Zr9yre77nD0C2Q0Q/KZYlct2uC9b2R23Sb/U3viOmWvHs:/rkkQkTyCAS/D1SQct2uC9b2xM3v3mwM

Score

10^/10

evasion pyinstaller spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

main.exe

Resource

win10v2004-20230703-en

evasion spyware stealer trojan

windows10-2004-x64

27 signatures

600 seconds

Malware Config

Targets

- Target
  
  main.exe
- Size
  
  82.5MB
- MD5
  
  1e6f75bc5ed093e5c87a8abc9792afa1
- SHA1
  
  038a9b3e253a383a1de435b410a1cd2c5037631f
- SHA256
  
  19774a82c2c0a4d872e60a3fa062c3e44cf4e9f3504e0501112f58437e7654ad
- SHA512
  
  9e34447b98efa11809bfbef37b64be14c20d9aebb0b49899b3e3ffa86e1ce1fb0a5d27a791b9e8a46ebbeae12882404e91214dc2e5957a2f4340d276f0dd4af9
- SSDEEP
  
  1572864:h1QtatodMkRCtQkTMT2Zr9yre77nD0C2Q0Q/KZYlct2uC9b2R23Sb/U3viOmWvHs:/rkkQkTyCAS/D1SQct2uC9b2xM3v3mwM
Score

10^/10

evasion spyware stealer trojan
- UAC bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

evasionspywarestealertrojan

© 2018-2025

Terms | Privacy