General

  • Target

    NEAS.0b2ca15b3f0c2af1ee646d50f9917d20_JC.exe

  • Size

    340KB

  • Sample

    231014-npjzxsfd33

  • MD5

    0b2ca15b3f0c2af1ee646d50f9917d20

  • SHA1

    839b2b3b09f5947fe6818e925feeb0af97d3f603

  • SHA256

    dfa83e0a985772156d60061f77cebcf1d7e6569c57704ba567cb7eb9e1fee802

  • SHA512

    2bc66352a39c2edd4bcf005d565368975e6e92195a16a8ae23b2a37e8f74d6792e78d4a473263670017c912cc6ae3614b7e49f28c210d56b412d73a7afea18eb

  • SSDEEP

    6144:ztvBPnU1b7e9SQii1EkoNlhlrQ2ZrM2xsyxr8ceQdWTw:Zv1nWdQP1EDhZPxsyFDdWTw

Targets

    • Target

      NEAS.0b2ca15b3f0c2af1ee646d50f9917d20_JC.exe

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Adds Run key to start application
