89fe4dfd008deac0fe4ef317c880bf31e834675e488eb511e10d0fbf7cee82c9 | Triage

Submit
Reports

Overview

overview

7

Static

static

1

TeamViewer_Setup.exe

windows7-x64

7

TeamViewer_Setup.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

Target

TeamViewer_Setup.exe
Size

41.4MB
Sample

231002-xp3ayadh51
MD5

bec7bce8e78cf5a658e50dede04f0c78
SHA1

606eae16b1bd80759548caeea7257ceabec15dd0
SHA256

89fe4dfd008deac0fe4ef317c880bf31e834675e488eb511e10d0fbf7cee82c9
SHA512

60baaf87f23cb501425487f71ac6f42793626c180dbb42450c5ec5f7edd0180d17a5ce20ef3841f32dd1fdbac1f5ab5e00b48138507e9b12b67ba48b8e12304a
SSDEEP

786432:Tc+wLiYwTateExTPuxv2TJXufkIuy2ZqRS+Q62+/OpGnL5AyXM2nAargSSg:Y+Sd2atexeJ+fXOqRS+Qg1M7ySg

Score

7^/10

discovery spyware stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

TeamViewer_Setup.exe

Resource

win7-20230831-en

discovery spyware stealer upx

windows7-x64

22 signatures

150 seconds

Behavioral task

behavioral2

Sample

TeamViewer_Setup.exe

Resource

win10v2004-20230915-en

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  TeamViewer_Setup.exe
- Size
  
  41.4MB
- MD5
  
  bec7bce8e78cf5a658e50dede04f0c78
- SHA1
  
  606eae16b1bd80759548caeea7257ceabec15dd0
- SHA256
  
  89fe4dfd008deac0fe4ef317c880bf31e834675e488eb511e10d0fbf7cee82c9
- SHA512
  
  60baaf87f23cb501425487f71ac6f42793626c180dbb42450c5ec5f7edd0180d17a5ce20ef3841f32dd1fdbac1f5ab5e00b48138507e9b12b67ba48b8e12304a
- SSDEEP
  
  786432:Tc+wLiYwTateExTPuxv2TJXufkIuy2ZqRS+Q62+/OpGnL5AyXM2nAargSSg:Y+Sd2atexeJ+fXOqRS+Qg1M7ySg
Score

7^/10

discovery spyware stealer upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryspywarestealerupx

behavioral2

© 2018-2025

Terms | Privacy