1169ffd244039e5cca44ee8af96966f40637ca679ac59e4e3f71c49c8625734c | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

SecuriteIn...87.exe

windows7-x64

7

SecuriteIn...87.exe

windows10-2004-x64

7

Sharing

General

Target

SecuriteInfo.com.Win32.RATX-gen.9787.5644
Size

677KB
Sample

230818-nt78baag4x
MD5

d850cf00d51bc4218cd3a7811f111ad7
SHA1

e8c31a8b122e0be1d714a612cf496ddf84a234a0
SHA256

1169ffd244039e5cca44ee8af96966f40637ca679ac59e4e3f71c49c8625734c
SHA512

332c1795e8b7a7a013e74602d704b3e1ab93cf0fb9196856fd2c5924d591a863ec9547477325e8091833f2744463698ff0d92931b9dffb3d6a980651c617603b
SSDEEP

12288:AMmHFFDO9S6WDBD45nafiYNSCX7LYg5Prkt:VmXO7utD9LYg1rk

Score

7^/10

spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Win32.RATX-gen.9787.exe

Resource

win7-20230712-en

spyware stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Win32.RATX-gen.9787.exe

Resource

win10v2004-20230703-en

spyware stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  SecuriteInfo.com.Win32.RATX-gen.9787.5644
- Size
  
  677KB
- MD5
  
  d850cf00d51bc4218cd3a7811f111ad7
- SHA1
  
  e8c31a8b122e0be1d714a612cf496ddf84a234a0
- SHA256
  
  1169ffd244039e5cca44ee8af96966f40637ca679ac59e4e3f71c49c8625734c
- SHA512
  
  332c1795e8b7a7a013e74602d704b3e1ab93cf0fb9196856fd2c5924d591a863ec9547477325e8091833f2744463698ff0d92931b9dffb3d6a980651c617603b
- SSDEEP
  
  12288:AMmHFFDO9S6WDBD45nafiYNSCX7LYg5Prkt:VmXO7utD9LYg1rk
Score

7^/10

spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy