Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
CREDITED PAY SLIP.rar
-
Size
694KB
-
Sample
230609-mz5hyacg2z
-
MD5
f422a55cdba9f3fbfff923d527f41cdc
-
SHA1
2c5089b871c2a19f837bacc56f4c437b5fab3e22
-
SHA256
9fc4f26a0088a9b28d0a5a4c83d4cee2ee9aeeafa3bd465a10a3c2a6d54b781a
-
SHA512
4d038e51cd88296f29715be44e24a63797da2fd077f74ea853a6cba56c972d62a7e2e625508db9dc0f926528c7017f9a89c40b0384fe483ddfaa1d99f8e870b0
-
SSDEEP
12288:FXT0Zr3nJeNLUmcZt5+g2PayapZoYxObipIgeKD/iCEz87syIlGtvCa7zi:dT+LnJeN705+g2PYpiWppjRgEpI897zi
Malware Config
Targets
-
-
Target
0tMUNlnakQsCKNd.exe
-
Size
864KB
-
MD5
7d424fcd2cfd26574af4acdb87cbe15a
-
SHA1
d1f2636c0a0a493cbc7522350de7abef29ae4e9e
-
SHA256
bb741e7ac48085e964e7fdfbd19b97a7376712b09c540a95c9a5f1872034908b
-
SHA512
5f78ddb361164d642b041db6d26c727519840c28a7f34e9ae8ec9ab3613981717cfec36ab509c04f6fe8b013f25aed8ac7864fe8ab0ff7fd33dc991d1ef9a820
-
SSDEEP
24576:bUlRu4OyqGUL8ANdsS8hMrVl0nhwcnBH:bUlRu4NqGo8ANuS8hMrr09
Score10/10-
Detect Neshta payload
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-