Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

skystealer...in.exe

windows11-21h2-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    skystealer-main.zip

  • Size

    17.9MB

  • Sample

    241207-bw1vssvjen

  • MD5

    de05aa3b3ffa7897e5fb753ee4153d58

  • SHA1

    51aeb2ee13da4c169d820d057f3455ccb241eae4

  • SHA256

    9e071b0e06143633463b14377fd3b77cb62b5be95a0c236dcef54e5325447402

  • SHA512

    e5fe56a979532121291e5834674536478bd7aa2816ba680c4fb8b233e5f282c8c348dfcab7476c46a2ebf3eb7554f88413f2b5e4259673f8d345a5460fcf86a7

  • SSDEEP

    393216:dkzptn7jf67NWcDYdsadY4dhmzwiY3O3segmBJaTcduTK:Sznn7zEWcDd+sllhJaTssK

Score
10/10
empyreandiscoverypersistenceprivilege_escalationpyinstallerspywarestealerupx

Malware Config

Targets

    • Target

      skystealer-main/main.exe

    • Size

      17.6MB

    • MD5

      4edced436524b16a1f5eaeaf7d182346

    • SHA1

      e2626eacc78d6573d7696407f0de1db5be040135

    • SHA256

      a0c2878314622706025c60f880d11c7af08b2900e9603d580d9cfd6544599d71

    • SHA512

      45b26f06998c2085c14c2d2825b540458be65916a869d77eb360228ceacc7ae303f3ad581075d8c046640c5093102a2c31b91692f69fd5af2fd4f753c22c4ded

    • SSDEEP

      393216:DqPnLFXlr8gQpDOETgsvfG9wagqKvECk6C1uAL9q:GPLFXNlQoEM1jaC1u2o

    Score
    7/10
    discoverypersistenceprivilege_escalationspywarestealerupx

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Modify Registry

2
T1112

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Browser Information Discovery

1
T1217

Query Registry

1
T1012

System Information Discovery

1
T1082

System Network Configuration Discovery

1
T1016

Wi-Fi Discovery

1
T1016.002

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks