47a6ad15849a40b428923da090be3fac091d72bdbafe1e7ec4c2e8c878abe0cf | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

Yandex.exe

windows11-21h2-x64

7

Sharing

General

Target

Yandex.exe
Size

9.9MB
Sample

250220-fyv5jsxndm
MD5

c1436035efcccf475139d86a5f0cf567
SHA1

ccefebbf217ab02ebf93c66bfbe465f7854723ed
SHA256

47a6ad15849a40b428923da090be3fac091d72bdbafe1e7ec4c2e8c878abe0cf
SHA512

c2527c16e58cb791879d7067e4783688319772cbb0c9b340a1a663bf4d0209d0d4837a67d1b734edbabfb0df10a83910b52f3a9071ffe3cf0640b57378f22e76
SSDEEP

98304:styix9uytNA7DyMrwAPf4xNTEY9xFUkcVwNSHfbv/kaIhThw6Q1f+hl/hjY4+ias:stjx9+ZH4NTx9Pe20/zkaiu1f+79YRs

Score

7^/10

discovery persistence spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Yandex.exe

Resource

win11-20250218-en

discovery persistence spyware stealer

windows11-21h2-x64

26 signatures

300 seconds

Malware Config

Targets

- Target
  
  Yandex.exe
- Size
  
  9.9MB
- MD5
  
  c1436035efcccf475139d86a5f0cf567
- SHA1
  
  ccefebbf217ab02ebf93c66bfbe465f7854723ed
- SHA256
  
  47a6ad15849a40b428923da090be3fac091d72bdbafe1e7ec4c2e8c878abe0cf
- SHA512
  
  c2527c16e58cb791879d7067e4783688319772cbb0c9b340a1a663bf4d0209d0d4837a67d1b734edbabfb0df10a83910b52f3a9071ffe3cf0640b57378f22e76
- SSDEEP
  
  98304:styix9uytNA7DyMrwAPf4xNTEY9xFUkcVwNSHfbv/kaIhThw6Q1f+hl/hjY4+ias:stjx9+ZH4NTx9Pe20/zkaiu1f+79YRs
Score

7^/10

discovery persistence spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealer

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.