General

  • Target

    NEAS.df1be8e4c58f3cf6d724a80a3d18ba60.exe

  • Size

    261KB

  • Sample

    231014-xzhz2sbe74

  • MD5

    df1be8e4c58f3cf6d724a80a3d18ba60

  • SHA1

    b64044ca47c4b3efeb3d1a388d5bb5a22627b748

  • SHA256

    682a12ca752f2bdd16cd9ab3de71e44147307eaa88e2a7ced2bc8c28f267cd91

  • SHA512

    5d9022825369ebcebf36565cfdc0bdb855239ee29d220e5e0828e1b762a2e051e4d96077242081db1f9b6a97a270ffdf13d36462bca1bb82a738ac713a9abae0

  • SSDEEP

    3072:SVHgCc4xGvbwcU9KQ2BBAHmaPxiVojb5EGW:TCc4xGxWKQ2Bonxa

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.byethost12.com
  • Port:
    21
  • Username:
    b12_8082975
  • Password:
    951753zx

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.tripod.com
  • Port:
    21
  • Username:
    onthelinux
  • Password:
    741852abc

Targets

    • Target

      NEAS.df1be8e4c58f3cf6d724a80a3d18ba60.exe

    Score
    10/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks