Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
2023-02-09_5ebd682151819e1c5c807b15f4057c25_neshta_revil_sodinokibi.exe
-
Size
321KB
-
Sample
230209-rt5nzaff32
-
MD5
5ebd682151819e1c5c807b15f4057c25
-
SHA1
6c094d3f421d5848afe90d65ff799dbaa152006c
-
SHA256
7546e51b37738965704fadb25674f7fe69ea047ce5eb425c916cfa3048c78cda
-
SHA512
2157775f63fe2080c4740cc01c1666930c16ab47f7f682982697f7cf7a80a695877cec8bbe8971d564c5acb487a4c63614543211f764fe882ed0fef60a292f70
-
SSDEEP
6144:+9ES63VE6F/M4qE15NENn4FDBWE1WNzZoRscLe+TlhbfmdL32M81:h5RqE1Ta4FDBWxzW2cL3lh6x3P81
Malware Config
Targets
-
-
Target
2023-02-09_5ebd682151819e1c5c807b15f4057c25_neshta_revil_sodinokibi.exe
-
Size
321KB
-
MD5
5ebd682151819e1c5c807b15f4057c25
-
SHA1
6c094d3f421d5848afe90d65ff799dbaa152006c
-
SHA256
7546e51b37738965704fadb25674f7fe69ea047ce5eb425c916cfa3048c78cda
-
SHA512
2157775f63fe2080c4740cc01c1666930c16ab47f7f682982697f7cf7a80a695877cec8bbe8971d564c5acb487a4c63614543211f764fe882ed0fef60a292f70
-
SSDEEP
6144:+9ES63VE6F/M4qE15NENn4FDBWE1WNzZoRscLe+TlhbfmdL32M81:h5RqE1Ta4FDBWxzW2cL3lh6x3P81
Score10/10-
Modifies system executable filetype association
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-