General

  • Target

    NEAS.NEASNEAS5f6110fdf11e888a353ffc60086f15c12deb42a07eec9d8b842589bfa67176dcexeexeexe_JC.exe

  • Size

    348KB

  • Sample

    231013-vcn7faea65

  • MD5

    01b925b499a5bc1e9d7a2f93d8ac0c65

  • SHA1

    d26e14bd928d6bcbbd67c482875bcfe6bf98ca2b

  • SHA256

    5f6110fdf11e888a353ffc60086f15c12deb42a07eec9d8b842589bfa67176dc

  • SHA512

    d2718cc7cb1cc26674f9c19807a9414450a45c4ab1b156722740e49263469ab5831c5386e2e7e71fdbf0509bd0962f80a730ead83ab63a1feb3fffb06075e863

  • SSDEEP

    6144:ZeR7eammRd3K+q9KiocO2WTYqh8YE6ALJf9odH7MxbyElT43u:ZeRtBRXq9LocO2WTYqhjBMM73El4

Malware Config

Targets

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks