General

  • Target

    Tiger Stock_20180517.exe

  • Size

    3.3MB

  • Sample

    230614-pwpz7aha98

  • MD5

    4ea12c2a4b9d5d02f39d5e028f94dd17

  • SHA1

    0459586d1fc703780a13a8a84aefc9ea8f076acb

  • SHA256

    e1173c0d41cefba870204cb15a7f6a7825bfa3a9a7ce370d431ef922126b1de6

  • SHA512

    ea5ecd4769e357392ac2c325b6569961d1aa8c112ed322f04cda558fbf685ea606ad0ca3c205693f2ba862d74a16b5aebaa001ce9255c9a643999ad0aa72742a

  • SSDEEP

    49152:Kz32Lnt49YMJM4YKU6YIODur1/hcwxXVTrnW52hN:KiJWJM41UTDur1/uAlWI

Targets

    • Target

      Tiger Stock_20180517.exe

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.
