General
Target: NEAS.b0749aae554986bfa0d35f20e2f2f740.exe
Size: 200KB
Sample: 231013-zc9klaea91
MD5: b0749aae554986bfa0d35f20e2f2f740
SHA1: 80fe356b51fdd237ddf856ca897fa9e38286d97a
SHA256: 384fe222a93548118e8b3173247f69fabcd028e54f6f16a7ee61ae1e89edf38d
SHA512: 3d968f553605edc7476c99bd179ef5ae3969471298e848ee064a5fd6f2ef0688805facf078a4c1dc51628a9c5f1f0b3422baf352f389eab802f80cd029a70097
SSDEEP: 768:J/5inm+cd5rHemPXkqUEphjVuvios1rPr4adL0NqlJMU60+ppQ1TTGfL/:JRsvcdcQjosnvnZ6LQ1E/
Static task: static1
Behavioral task: behavioral1
Sample: NEAS.b0749aae554986bfa0d35f20e2f2f740.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: NEAS.b0749aae554986bfa0d35f20e2f2f740.exe
Resource: win10v2004-20230915-en
Malware Config
Extracted
Protocol: ftp
Host: ftp.tripod.com
Port: 21
Username: griptoloji
Password: 741852
Targets
Target: NEAS.b0749aae554986bfa0d35f20e2f2f740.exe
Score: 10/10
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL