Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    NEAS.a4e4b05456d5f436ce91362048f5bd88_JC.exe

  • Size

    202KB

  • Sample

    231010-xw6a6sab58

  • MD5

    a4e4b05456d5f436ce91362048f5bd88

  • SHA1

    a7a99b3258d136788ee9737a3b5d848b723c90ed

  • SHA256

    37c7ba11c821061ff557b01c363bfd7ec1ed21d5c61c658e050f7c06b8b15d73

  • SHA512

    9e037944c99e3892e4857958c54d0ef44a7d7d8098e046e7df01e5fc2d2e1796f2bd8fd6683de00100357f48b7ca117b99691fd24291456dc3c0121a11728e18

  • SSDEEP

    1536:bXBmHj/428VMTwvY3vT3ZpTha581w8WlmoL8vA:bXgE28mTwvY73Zhha5IvoL8o

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.alizametal.com.tr
  • Port:
    21
  • Username:
    alizametal.com.tr
  • Password:
    hd611

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.yesimcopy.com
  • Port:
    21
  • Username:
    yesimcopy1
  • Password:
    825cyf

Targets

    • Target

      NEAS.a4e4b05456d5f436ce91362048f5bd88_JC.exe

    • Size

      202KB

    • MD5

      a4e4b05456d5f436ce91362048f5bd88

    • SHA1

      a7a99b3258d136788ee9737a3b5d848b723c90ed

    • SHA256

      37c7ba11c821061ff557b01c363bfd7ec1ed21d5c61c658e050f7c06b8b15d73

    • SHA512

      9e037944c99e3892e4857958c54d0ef44a7d7d8098e046e7df01e5fc2d2e1796f2bd8fd6683de00100357f48b7ca117b99691fd24291456dc3c0121a11728e18

    • SSDEEP

      1536:bXBmHj/428VMTwvY3vT3ZpTha581w8WlmoL8vA:bXgE28mTwvY73Zhha5IvoL8o

    Score
    10/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks