General

  • Target

    CREDITED PAY SLIP.rar

  • Size

    694KB

  • Sample

    230609-mz5hyacg2z

  • MD5

    f422a55cdba9f3fbfff923d527f41cdc

  • SHA1

    2c5089b871c2a19f837bacc56f4c437b5fab3e22

  • SHA256

    9fc4f26a0088a9b28d0a5a4c83d4cee2ee9aeeafa3bd465a10a3c2a6d54b781a

  • SHA512

    4d038e51cd88296f29715be44e24a63797da2fd077f74ea853a6cba56c972d62a7e2e625508db9dc0f926528c7017f9a89c40b0384fe483ddfaa1d99f8e870b0

  • SSDEEP

    12288:FXT0Zr3nJeNLUmcZt5+g2PayapZoYxObipIgeKD/iCEz87syIlGtvCa7zi:dT+LnJeN705+g2PYpiWppjRgEpI897zi

Malware Config

Targets

    • Target

      0tMUNlnakQsCKNd.exe

    • Size

      864KB

    • MD5

      7d424fcd2cfd26574af4acdb87cbe15a

    • SHA1

      d1f2636c0a0a493cbc7522350de7abef29ae4e9e

    • SHA256

      bb741e7ac48085e964e7fdfbd19b97a7376712b09c540a95c9a5f1872034908b

    • SHA512

      5f78ddb361164d642b041db6d26c727519840c28a7f34e9ae8ec9ab3613981717cfec36ab509c04f6fe8b013f25aed8ac7864fe8ab0ff7fd33dc991d1ef9a820

    • SSDEEP

      24576:bUlRu4OyqGUL8ANdsS8hMrVl0nhwcnBH:bUlRu4NqGo8ANuS8hMrr09

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family infects other executable files in order to spread itself and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks