44abf0cadee82f049bbc3dfeb8277529d3650f6f76fb76e00ec65228b8ec21e6 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

sutup-Chro...64.msi

windows7-x64

8

sutup-Chro...64.msi

windows10-1703-x64

8

sutup-Chro...64.msi

windows10-2004-x64

8

sutup-Chro...64.msi

windows11-21h2-x64

8

Sharing

General

Target

sutup-Chrome.13.26.x64.zip
Size

15.1MB
Sample

240426-mr3dlsef76
MD5

3da317519de2f2dea02bb16894317051
SHA1

6926da5cba7aed9eb370b338e38990c0268668ee
SHA256

44abf0cadee82f049bbc3dfeb8277529d3650f6f76fb76e00ec65228b8ec21e6
SHA512

134ac0c5075f3d08e078a5f369de4dea04e9369a504ea4657c6921af3a6ba2ee635e8bd394dca4c03bcf3cb0f8838d3421cdc49858dfe084465ed48d588038c0
SSDEEP

393216:3LXgE3gw94y+TBxJhVAa6Q03eE2ytIy963gHe8swneCMjeD4:bQEITJX/yAQ+8Nn8

Score

8^/10

discovery evasion persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

sutup-Chrome.13.26.x64.msi

Resource

win7-20231129-en

discovery evasion persistence spyware stealer

windows7-x64

30 signatures

300 seconds

Behavioral task

behavioral2

Sample

sutup-Chrome.13.26.x64.msi

Resource

win10-20240404-en

discovery evasion persistence spyware stealer

windows10-1703-x64

30 signatures

300 seconds

Behavioral task

behavioral3

Sample

sutup-Chrome.13.26.x64.msi

Resource

win10v2004-20240419-en

evasion persistence spyware stealer

windows10-2004-x64

24 signatures

300 seconds

Behavioral task

behavioral4

Sample

sutup-Chrome.13.26.x64.msi

Resource

win11-20240419-en

evasion persistence spyware stealer

windows11-21h2-x64

22 signatures

300 seconds

Malware Config

Targets

- Target
  
  sutup-Chrome.13.26.x64.msi
- Size
  
  15.6MB
- MD5
  
  86561e111e7ce97e13a9936b9b4ba849
- SHA1
  
  61cd40da9253a367e416c9ab67e73738f18948c3
- SHA256
  
  bd462515ea9ffe66fc27d9baa0fcc4bf733385829c2fc5676129aaeeb2e0af88
- SHA512
  
  33d26416412d777fb2758bc41b44a9e9107906879c85bb4609702242deb2bcd83ed8a5f5da7a1d3e4662ca7b31dbfbbe1faa8364952546ff600136e8c2cf7d54
- SSDEEP
  
  393216:qCBN2m9uaDsIqvv3/L/2m68UzYWIMWLBM36dmdRwhm7YLp:RkmqvHv1M/q8dOh
Score

8^/10

discovery evasion persistence spyware stealer
- Creates new service(s)
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies Installed Components in the registry
  persistence
- Modifies Windows Firewall
  evasion
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealer

behavioral2

discoveryevasionpersistencespywarestealer

behavioral3

evasionpersistencespywarestealer

behavioral4

evasionpersistencespywarestealer

© 2018-2025

Terms | Privacy