c0ab9875bd5747503884ffae2d3d62c893c151ab6564e889ea615fcf4b85575e | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

Schermafbe...20.png

windows10-2004-x64

8

Schermafbe...20.png

windows11-21h2-x64

3

Sharing

General

Target

Schermafbeelding 2023-08-22 135520.png
Size

70KB
Sample

240112-lv5gpsdfcp
MD5

3ff87c31f715448f14ec0d5175dd18f5
SHA1

a46f28de56c6fe29ca9d2cc012678e4e9eb85eca
SHA256

c0ab9875bd5747503884ffae2d3d62c893c151ab6564e889ea615fcf4b85575e
SHA512

788bf02ea1582d7e39be6de2b9c6cdacc4cc3717cf554f38182d07f04d5ce87f995522f09f0e901863c39dace381f0806aab866a35afc2daec4c2cfaafcbf788
SSDEEP

1536:OnlC53IQYR/7UKGXag3ujgP3TLTpJ4BG0SWjnSbd:Onl83IQYR/79GXa8PDLnuRHjnSbd

Score

8^/10

discovery persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Schermafbeelding 2023-08-22 135520.png

Resource

win10v2004-20231215-en

discovery persistence spyware stealer

windows10-2004-x64

21 signatures

1800 seconds

Behavioral task

behavioral2

Sample

Schermafbeelding 2023-08-22 135520.png

Resource

win11-20231222-en

windows11-21h2-x64

1 signatures

1800 seconds

Malware Config

Targets

- Target
  
  Schermafbeelding 2023-08-22 135520.png
- Size
  
  70KB
- MD5
  
  3ff87c31f715448f14ec0d5175dd18f5
- SHA1
  
  a46f28de56c6fe29ca9d2cc012678e4e9eb85eca
- SHA256
  
  c0ab9875bd5747503884ffae2d3d62c893c151ab6564e889ea615fcf4b85575e
- SHA512
  
  788bf02ea1582d7e39be6de2b9c6cdacc4cc3717cf554f38182d07f04d5ce87f995522f09f0e901863c39dace381f0806aab866a35afc2daec4c2cfaafcbf788
- SSDEEP
  
  1536:OnlC53IQYR/7UKGXag3ujgP3TLTpJ4BG0SWjnSbd:Onl83IQYR/79GXa8PDLnuRHjnSbd
Score

8^/10

discovery persistence spyware stealer
- Modifies Installed Components in the registry
  persistence
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Registers COM server for autorun
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealer

behavioral2

© 2018-2025

Terms | Privacy