77b46bb278d78816aae4c1c4ab1dc60aa6143eb0c450373666d673d51ae32b10 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

Loader.exe

windows10-2004-x64

7

Resubmissions

19/04/2024, 22:47

240419-2qw8jaad6z 7

19/04/2024, 22:22

240419-2anw8aha69 7

19/04/2024, 22:20

240419-19jacaha37 7

19/04/2024, 22:19

240419-18zwpsha24 7

19/04/2024, 22:17

240419-17qawahg8y 7

19/04/2024, 22:16

240419-16t8fahg6t 7

19/04/2024, 22:14

240419-15ndhagh26 7

Sharing

General

Target

Loader.exe
Size

7.0MB
Sample

240419-19jacaha37
MD5

f85dc1ba52e4cc046d5e7d41ded3ac22
SHA1

98b8d673dd1c65303a6ea60e9b5b8babe671ea1c
SHA256

77b46bb278d78816aae4c1c4ab1dc60aa6143eb0c450373666d673d51ae32b10
SHA512

314743545610994dbecca18a9847f5c197c8faa7ab2e255d9453b6b860b99d2d310769388a8ed06a83f939eea4e0dd2fffe7a2ce0938b63904960ba27b5d6db9
SSDEEP

98304:WDIgj87TLy71+WYK4tbkZ7+f6b7s4IMsJRXOls3im6yboPMLqCR64ZYfXcQJMitx:WDFjoyHnGybXkJcj2iO3yfXciMit98W

Score

7^/10

discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Loader.exe

Resource

win10v2004-20240412-en

discovery spyware stealer

windows10-2004-x64

23 signatures

600 seconds

Malware Config

Targets

- Target
  
  Loader.exe
- Size
  
  7.0MB
- MD5
  
  f85dc1ba52e4cc046d5e7d41ded3ac22
- SHA1
  
  98b8d673dd1c65303a6ea60e9b5b8babe671ea1c
- SHA256
  
  77b46bb278d78816aae4c1c4ab1dc60aa6143eb0c450373666d673d51ae32b10
- SHA512
  
  314743545610994dbecca18a9847f5c197c8faa7ab2e255d9453b6b860b99d2d310769388a8ed06a83f939eea4e0dd2fffe7a2ce0938b63904960ba27b5d6db9
- SSDEEP
  
  98304:WDIgj87TLy71+WYK4tbkZ7+f6b7s4IMsJRXOls3im6yboPMLqCR64ZYfXcQJMitx:WDFjoyHnGybXkJcj2iO3yfXciMit98W
Score

7^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

© 2018-2025

Terms | Privacy