General
Target: NEAS.df1be8e4c58f3cf6d724a80a3d18ba60.exe
Size: 261KB
Sample: 231014-xzhz2sbe74
MD5: df1be8e4c58f3cf6d724a80a3d18ba60
SHA1: b64044ca47c4b3efeb3d1a388d5bb5a22627b748
SHA256: 682a12ca752f2bdd16cd9ab3de71e44147307eaa88e2a7ced2bc8c28f267cd91
SHA512: 5d9022825369ebcebf36565cfdc0bdb855239ee29d220e5e0828e1b762a2e051e4d96077242081db1f9b6a97a270ffdf13d36462bca1bb82a738ac713a9abae0
SSDEEP: 3072:SVHgCc4xGvbwcU9KQ2BBAHmaPxiVojb5EGW:TCc4xGxWKQ2Bonxa
Static task: static1
Behavioral task: behavioral1
Sample: NEAS.df1be8e4c58f3cf6d724a80a3d18ba60.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: NEAS.df1be8e4c58f3cf6d724a80a3d18ba60.exe
Resource: win10v2004-20230915-en
Malware Config
Extracted
Protocol: ftp
Host: ftp.byethost12.com
Port: 21
Username: b12_8082975
Password: 951753zx
Extracted
Protocol: ftp
Host: ftp.tripod.com
Port: 21
Username: onthelinux
Password: 741852abc
Targets
Target: NEAS.df1be8e4c58f3cf6d724a80a3d18ba60.exe
Score: 10/10
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL