974fca88e1ccd9f06d13a26f1dd8309d116993347ff62fc4615f3309109e0647 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

Google.msi

windows7-x64

8

Google.msi

windows10-2004-x64

8

Sharing

General

Target

Google.zip
Size

22.3MB
Sample

240419-mzdp8ahd62
MD5

dbb70cb98eb01d67aff6a14d22e54686
SHA1

db3da811ecf3122d96c8a955353e7f2d0a5add95
SHA256

974fca88e1ccd9f06d13a26f1dd8309d116993347ff62fc4615f3309109e0647
SHA512

de1b64b6c8e3323e4670e2f980a18aa3b5c41f125a3fd22d4894c5c54d0301c18c42311421c5e30589b19cce4e6ed852f53ad7f8844f2ad7b009dda4a90a51aa
SSDEEP

393216:bme2V07zFK+GlbRwtYlOWmGT1suX+CUMid0hPEE+VCDPkC0ic6pR11C14ho+:u0/DtY9hsu+PX0hPEVynhz1C14hr

Score

8^/10

discovery evasion persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Google.msi

Resource

win7-20240221-en

discovery evasion persistence spyware stealer

windows7-x64

27 signatures

150 seconds

Behavioral task

behavioral2

Sample

Google.msi

Resource

win10v2004-20240412-en

discovery evasion persistence spyware stealer

windows10-2004-x64

29 signatures

150 seconds

Malware Config

Targets

- Target
  
  Google.msi
- Size
  
  23.2MB
- MD5
  
  22b43a78808505e9888864467bd1f2a3
- SHA1
  
  b248af4accd5739f1e7c792efb6a13d1ba89dbe0
- SHA256
  
  aa7cc08e0b29cd9022cde6b0c9307cb2f93365d098f71fb37478339daff80714
- SHA512
  
  cb592dab7c9ec4fe35177f45c86f81015c30363266309ab239afdbd9a05edc1171a44bec24c8462511f2df6ee89456dccfc5ae1d84cfcba56a363baa092fc963
- SSDEEP
  
  393216:uYnoainkFTvw4GJTVSHGbEqC0XLSQnKG4oiBcjNiW+beFxSIMEQsvlZpiFUiwvEY:uNklVHGD7SqK/fcjNiLqbjnpiFFM
Score

8^/10

discovery evasion persistence spyware stealer
- Creates new service(s)
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies Installed Components in the registry
  persistence
- Modifies Windows Firewall
  evasion
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealer

behavioral2

discoveryevasionpersistencespywarestealer

© 2018-2025

Terms | Privacy