General

  • Target

    NEAS.b0749aae554986bfa0d35f20e2f2f740.exe

  • Size

    200KB

  • Sample

    231013-zc9klaea91

  • MD5

    b0749aae554986bfa0d35f20e2f2f740

  • SHA1

    80fe356b51fdd237ddf856ca897fa9e38286d97a

  • SHA256

    384fe222a93548118e8b3173247f69fabcd028e54f6f16a7ee61ae1e89edf38d

  • SHA512

    3d968f553605edc7476c99bd179ef5ae3969471298e848ee064a5fd6f2ef0688805facf078a4c1dc51628a9c5f1f0b3422baf352f389eab802f80cd029a70097

  • SSDEEP

    768:J/5inm+cd5rHemPXkqUEphjVuvios1rPr4adL0NqlJMU60+ppQ1TTGfL/:JRsvcdcQjosnvnZ6LQ1E/

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.tripod.com
  • Port:
    21
  • Username:
    griptoloji
  • Password:
    741852

Targets

    • Target

      NEAS.b0749aae554986bfa0d35f20e2f2f740.exe

    Score
    10/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL
