General

  • Target

    NEAS.8f31d9d3e255e3ff701c034e37b74f20_JC.exe

  • Size

    41KB

  • Sample

    231006-sfljlsde41

  • MD5

    8f31d9d3e255e3ff701c034e37b74f20

  • SHA1

    cfed58af9715f3d9f129657d90c1043fe9ea9833

  • SHA256

    ee0ca72dfd2c31d50bd0aafc996d56c7c60dd4a537002288fec15a1ebc19a845

  • SHA512

    31f68183c2e7045d097b9fb89259ea13991edf7c366a6e8d56b56512aa11d8dfc3063ea003f285d58c5546653a4eb8e63f4e39254f570e97942a17cf3b3d51f7

  • SSDEEP

    768:deMc5VwWt1jDkbXdnTOyQxHFO+IxX2P5LIbbcPYir2lAqcdF0i09Cy:dq5VwWDjDkdTRqHFOn8tIbbeYiuZIFSz

Targets

    • Target

      NEAS.8f31d9d3e255e3ff701c034e37b74f20_JC.exe

    • Drops file in Drivers directory

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar data.

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory
