7c1c2070a97f7651275c9dc556ba5e7bc3db91dc3107a6215395e7d41ede1bc9 | Triage

Submit
Reports

Overview

overview

8

Static

static

3

OperaSetup.exe

windows10-2004-x64

8

OperaSetup.exe

windows10-ltsc_2021-x64

8

Sharing

General

Target

OperaSetup.exe
Size

2.2MB
Sample

250327-m56yys1sdv
MD5

f099a70905dc5458118b34b5548c8dfa
SHA1

227a6bb464c755f2772d199706cca6295acc6c87
SHA256

7c1c2070a97f7651275c9dc556ba5e7bc3db91dc3107a6215395e7d41ede1bc9
SHA512

5f6e5f53b643cc12148bfaeef4d934b40aa12d27caa15cc4891e9daed604e70729403d70eeeaa7e265f2a4f102b8abf49b3f19e137b15522fd79314c117f5ae1
SSDEEP

49152:kVAbwveCLg0POqoz54LRI5j97ugj5TIn95QoqiiL6bylSTO4J:IAPCkYOpG897FGhI6xD

Score

8^/10

defense_evasion discovery motw phishing spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

OperaSetup.exe

Resource

win10v2004-20250314-en

discovery motw phishing spyware stealer

windows10-2004-x64

28 signatures

900 seconds

Behavioral task

behavioral2

Sample

OperaSetup.exe

Resource

win10ltsc2021-20250314-en

defense_evasion discovery spyware stealer

windows10-ltsc_2021-x64

23 signatures

900 seconds

Malware Config

Targets

- Target
  
  OperaSetup.exe
- Size
  
  2.2MB
- MD5
  
  f099a70905dc5458118b34b5548c8dfa
- SHA1
  
  227a6bb464c755f2772d199706cca6295acc6c87
- SHA256
  
  7c1c2070a97f7651275c9dc556ba5e7bc3db91dc3107a6215395e7d41ede1bc9
- SHA512
  
  5f6e5f53b643cc12148bfaeef4d934b40aa12d27caa15cc4891e9daed604e70729403d70eeeaa7e265f2a4f102b8abf49b3f19e137b15522fd79314c117f5ae1
- SSDEEP
  
  49152:kVAbwveCLg0POqoz54LRI5j97ugj5TIn95QoqiiL6bylSTO4J:IAPCkYOpG897FGhI6xD
Score

8^/10

discovery motw phishing spyware stealer defense_evasion
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Mark of the Web detected: This indicates that the page was originally saved or cloned.
  phishing motw
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

SIP and Trust Provider Hijacking

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverymotwphishingspywarestealer

behavioral2

defense_evasiondiscoveryspywarestealer

© 2018-2025

Terms | Privacy