26392933fd4c464b0aca1664e4148727bfb0c435dbe7a161e4b632b80808dfb5 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

63d52f9d0d...43.exe

windows7-x64

7

63d52f9d0d...43.exe

windows10-2004-x64

7

Sharing

General

Target

63d52f9d0da76e85c0b0d5c6adbebe43
Size

1018KB
Sample

240117-2x4wysgabr
MD5

63d52f9d0da76e85c0b0d5c6adbebe43
SHA1

5a0be963f098b7fe5cca45f5c7edd6ed89c0a917
SHA256

26392933fd4c464b0aca1664e4148727bfb0c435dbe7a161e4b632b80808dfb5
SHA512

3b99536999cd32dedcc86796791ac62dc2ac6e7371c689289fa9aa43ee3a9238a2cc97ad6ffc39bf6b1e3e887c51795e94d41f610a128fd20d1ff303cdc8bd32
SSDEEP

24576:eErBOwUBE1Egw+VIXxdSuLj6UjZUjeRLqB:eyB4JiIwUjqjGL

Score

7^/10

spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

63d52f9d0da76e85c0b0d5c6adbebe43.exe

Resource

win7-20231215-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

63d52f9d0da76e85c0b0d5c6adbebe43.exe

Resource

win10v2004-20231222-en

spyware stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  63d52f9d0da76e85c0b0d5c6adbebe43
- Size
  
  1018KB
- MD5
  
  63d52f9d0da76e85c0b0d5c6adbebe43
- SHA1
  
  5a0be963f098b7fe5cca45f5c7edd6ed89c0a917
- SHA256
  
  26392933fd4c464b0aca1664e4148727bfb0c435dbe7a161e4b632b80808dfb5
- SHA512
  
  3b99536999cd32dedcc86796791ac62dc2ac6e7371c689289fa9aa43ee3a9238a2cc97ad6ffc39bf6b1e3e887c51795e94d41f610a128fd20d1ff303cdc8bd32
- SSDEEP
  
  24576:eErBOwUBE1Egw+VIXxdSuLj6UjZUjeRLqB:eyB4JiIwUjqjGL
Score

7^/10

spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy