General
Target: NEAS.a4e4b05456d5f436ce91362048f5bd88_JC.exe
Size: 202KB
Sample: 231010-xw6a6sab58
MD5: a4e4b05456d5f436ce91362048f5bd88
SHA1: a7a99b3258d136788ee9737a3b5d848b723c90ed
SHA256: 37c7ba11c821061ff557b01c363bfd7ec1ed21d5c61c658e050f7c06b8b15d73
SHA512: 9e037944c99e3892e4857958c54d0ef44a7d7d8098e046e7df01e5fc2d2e1796f2bd8fd6683de00100357f48b7ca117b99691fd24291456dc3c0121a11728e18
SSDEEP: 1536:bXBmHj/428VMTwvY3vT3ZpTha581w8WlmoL8vA:bXgE28mTwvY73Zhha5IvoL8o
Static task: static1
Behavioral task: behavioral1
Sample: NEAS.a4e4b05456d5f436ce91362048f5bd88_JC.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: NEAS.a4e4b05456d5f436ce91362048f5bd88_JC.exe
Resource: win10v2004-20230915-en
Malware Config
Extracted
Protocol: ftp
Host: ftp.alizametal.com.tr
Port: 21
Username: alizametal.com.tr
Password: hd611
Extracted
Protocol: ftp
Host: ftp.yesimcopy.com
Port: 21
Username: yesimcopy1
Password: 825cyf
Targets
Target: NEAS.a4e4b05456d5f436ce91362048f5bd88_JC.exe
Score: 10/10
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL