empyrean | 7e4691de0700dc115705549222583fab48ec1e28dd963d98d5b20f98799f06cf | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

main.exe

windows7-x64

7

main.exe

windows10-2004-x64

7

Resubmissions

04/02/2024, 11:56 UTC

240204-n4drfsgeb9 10

Sharing

General

Target

main.exe
Size

82.7MB
Sample

240204-n4drfsgeb9
MD5

1377790410f933a3e9ae23e0514f6e99
SHA1

bb0144b3501eea4654d82415dcc7907293f02a07
SHA256

7e4691de0700dc115705549222583fab48ec1e28dd963d98d5b20f98799f06cf
SHA512

7b16a37f6529f32b82d00d83c4925ce75f14268949781ef8435af7e3ca6f9917e00dbc55835d630669ff8df3a820b9fe95f43136dec161492b0fab1b0e6e8b01
SSDEEP

1572864:XQ82Fhy+6ZIl0B/CiiQTzNxw7R1gOBmKunPJQj95eSKR5yIVNFq+ar2GUjl0pS+:lihytm4/Ci7TzM7lAKCBejUV+/KX+

Score

10^/10

empyrean persistence pyinstaller spyware stealer upx

Static task

static1

pyinstaller empyrean

4 signatures

Behavioral task

behavioral1

Sample

main.exe

Resource

win7-20231215-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

main.exe

Resource

win10v2004-20231215-en

persistence spyware stealer upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  main.exe
- Size
  
  82.7MB
- MD5
  
  1377790410f933a3e9ae23e0514f6e99
- SHA1
  
  bb0144b3501eea4654d82415dcc7907293f02a07
- SHA256
  
  7e4691de0700dc115705549222583fab48ec1e28dd963d98d5b20f98799f06cf
- SHA512
  
  7b16a37f6529f32b82d00d83c4925ce75f14268949781ef8435af7e3ca6f9917e00dbc55835d630669ff8df3a820b9fe95f43136dec161492b0fab1b0e6e8b01
- SSDEEP
  
  1572864:XQ82Fhy+6ZIl0B/CiiQTzNxw7R1gOBmKunPJQj95eSKR5yIVNFq+ar2GUjl0pS+:lihytm4/Ci7TzM7lAKCBejUV+/KX+
Score

7^/10

upx persistence spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallerempyrean

behavioral1

behavioral2

persistencespywarestealerupx

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.