General

  • Target

    NEAS.62211c020df4042e7aa514e9146884a8_JC.exe

  • Size

    341KB

  • Sample

    231010-wze3qahf32

  • MD5

    62211c020df4042e7aa514e9146884a8

  • SHA1

    e11d7a3b1e1f3d55059b61be0e2fc087a1ae56c2

  • SHA256

    016d9db36509638e996dc0bc58f45ff4efc5ea9a897c45c98f650bb70d2e51a1

  • SHA512

    5462843090e4f2c3b94d25f06cc271b0b3683dc98146375858a2bf1eda2a1b6e62367a3512a8d4bcb12db3e85490655007b7526fb284d0f023be20d588e0fa81

  • SSDEEP

    6144:YjluQoSPIo5R4nM/40yJNE862AyO+urlOpdySb3s9P8BtagUbEzLz+nzPpf1Cdzd:YEQoSpqhf62Q+u0phw9P8DQEHzcRfGzd

Targets

    • Target

      NEAS.62211c020df4042e7aa514e9146884a8_JC.exe

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser profile data, which can include saved credentials and similar secrets.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Adds Run key to start application

      Writes a value under a registry Run key so the sample is launched again at user logon (persistence).

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

      Writes a file into the Windows System32 directory.

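The "UPX packed file" signature can be reproduced offline with a small static check. The script below is an added example, not tria.ge's detector or code from the sample's author: it parses a PE file's section table with only the standard library and reports UPX-style section names (UPX0/UPX1/UPX2) or the "UPX!" header marker. The build_min_pe() helper constructs a header-only PE stub for testing; it is not the real sample, and the cut-off of 4096 bytes for the marker scan is an assumption.

```python
# Added example (not tria.ge code): static check for the "UPX packed file"
# signature. Parses the PE section table with the standard library only.
# build_min_pe() produces a constructed header-only stub, not the real sample.
import struct
import sys

UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}


def pe_section_names(data: bytes) -> list:
    """Return the section names from a PE image's section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER
    if len(data) < coff + 20:
        raise ValueError("truncated COFF header")
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size             # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40: table + i * 40 + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def upx_indicators(data: bytes) -> dict:
    """Report which UPX indicators are present. A modified UPX build can
    rename the sections and strip the marker, so an empty result does not
    prove the binary is unpacked."""
    names = set(pe_section_names(data))
    return {
        "upx_sections": sorted(names & UPX_SECTION_NAMES),
        "upx_marker": b"UPX!" in data[:4096],   # assumed header-area scan window
    }


def looks_upx_packed(data: bytes) -> bool:
    ind = upx_indicators(data)
    return bool(ind["upx_sections"]) or ind["upx_marker"]


def build_min_pe(section_names) -> bytes:
    """Constructed header-only PE32 stub for testing (not loadable by Windows)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0xE0, 0x102)
    optional = b"\0" * 0xE0                  # zeroed PE32 optional header
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + optional + sections


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    blob = open(path, "rb").read() if path else build_min_pe(["UPX0", "UPX1", ".rsrc"])
    print(pe_section_names(blob), upx_indicators(blob))
```

Run it with the sample's path as the only argument; with no argument it checks the constructed stub. Treat a hit as a packing indicator to unpack before further static analysis, not as a verdict on maliciousness, since UPX is also used by legitimate software.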
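The behavioural signatures above (Run key persistence, the registry country-code lookup, browser profile reads, the System32 drop and the drive enumeration) are all pattern matches over sandbox events. The script below is an added example, not tria.ge's rule set: it applies equivalent rules to a trace of "operation|process|target" lines. The event format, the events in SAMPLE_TRACE and the exact registry paths and browser file names in RULES are assumptions chosen for the demo, not data taken from this report.

```python
# Added example (not tria.ge code): matches the behavioural signatures listed
# in the report against a sandbox event trace. The "operation|process|target"
# line format and the events in SAMPLE_TRACE are constructed for this demo;
# adapt RULES to your own sandbox's event schema.
import re
from collections import defaultdict

# signature name -> (event operation, regex applied to the event target)
RULES = {
    "Adds Run key to start application": (
        "RegSetValue",
        re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I),
    ),
    "Checks computer location settings": (      # GeoID lookup used for geofencing
        "RegQueryValue",
        re.compile(r"\\Control Panel\\International\\Geo\\(Nation|Name)$", re.I),
    ),
    "Reads user/profile data of web browsers": (  # Chromium profile databases (assumed set)
        "ReadFile",
        re.compile(r"\\User Data\\.*\\(Login Data|Cookies|Web Data)$", re.I),
    ),
    "Drops file in System32 directory": (
        "WriteFile",
        re.compile(r"^[A-Z]:\\Windows\\System32\\", re.I),
    ),
    "Enumerates connected drives": (            # root of any drive other than C:
        "QueryDirectory",
        re.compile(r"^[ABD-Z]:\\$", re.I),
    ),
}

SAMPLE_TRACE = r"""
# operation|process|target  (constructed events, not the real sample's trace)
RegQueryValue|NEAS.62211c020df4042e7aa514e9146884a8_JC.exe|HKCU\Control Panel\International\Geo\Nation
ReadFile|NEAS.62211c020df4042e7aa514e9146884a8_JC.exe|C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
RegSetValue|NEAS.62211c020df4042e7aa514e9146884a8_JC.exe|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater
WriteFile|NEAS.62211c020df4042e7aa514e9146884a8_JC.exe|C:\Windows\System32\updater.dll
QueryDirectory|NEAS.62211c020df4042e7aa514e9146884a8_JC.exe|C:\
QueryDirectory|NEAS.62211c020df4042e7aa514e9146884a8_JC.exe|D:\
RegSetValue|explorer.exe|HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
WriteFile|NEAS.62211c020df4042e7aa514e9146884a8_JC.exe|C:\Users\user\AppData\Local\Temp\stage.tmp
"""


def parse_trace(text: str) -> list:
    """Return (operation, process, target) tuples, skipping comments and blanks."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        op, proc, target = line.split("|", 2)
        events.append((op, proc, target))
    return events


def match_signatures(events) -> dict:
    """Return {signature name: [(process, target), ...]} for every rule hit."""
    hits = defaultdict(list)
    for op, proc, target in events:
        for name, (want_op, pattern) in RULES.items():
            if op == want_op and pattern.search(target):
                hits[name].append((proc, target))
    return dict(hits)


def triage_report(text: str) -> dict:
    """Signature name -> number of matching events, for a quick summary."""
    return {name: len(evs) for name, evs in match_signatures(parse_trace(text)).items()}


if __name__ == "__main__":
    for name, evs in match_signatures(parse_trace(SAMPLE_TRACE)).items():
        print(name)
        for proc, target in evs:
            print(f"    {proc} -> {target}")
```

The explorer.exe write under the Explorer key and the C:\ root listing are included as negatives: the Run rule requires the Run or RunOnce key itself, and the drive rule deliberately excludes the system drive, matching the report's description of the signature.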