General

  • Target

    NEAS.001f639668abaf3f2d66076646d541ba_JC.exe

  • Size

    417KB

  • Sample

    231021-vrpfraff9y

  • MD5

    001f639668abaf3f2d66076646d541ba

  • SHA1

    d101adf35bb817b935e1e32c29b52ccd5d465441

  • SHA256

    be9370081c5e23f5b3d812b8fa9ff6e4aab62f58e1ab39a50e660b1aa734d00f

  • SHA512

    617cfa0c42ff9f706854198149eba553c0fc0c42e4b449b026331274a4cbecbc2bf997090bf9830a8b9280aacac805f55fd41393a0212dd897aff4dfaab59460

  • SSDEEP

    6144:NPDLCL+Io5R4nM/4iwfuSaSbtUEQscMLulVo6dWsGEOKZ+XkMK5MR0Y7EWl+WU:NPKLyq/f//bW93lzQERZ+ZKCRW/

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to (or away from) particular regions.

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials, cookies and browsing history.

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the open-source UPX packer.

    • Adds Run key to start application

      Creates a registry Run key so the program is launched again at user logon (persistence).

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

      Writes a file into the Windows System32 directory, which needs elevated privileges and lets the dropped file blend in with OS binaries.
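
The report above gives the sample's hashes and flags it as UPX packed. The following script is an added example, not part of the Triage report and not code from the sample: it confirms that a file on disk is the same sample by comparing its MD5/SHA1/SHA256 against the values listed above, and it checks the two cheap UPX indicators (the UPX0/UPX1 section names and the "UPX!" magic) by parsing the PE header with the standard library only. The build_minimal_pe helper produces a constructed PE-shaped stub for offline testing, not a real executable.

```python
"""Verify a sample against the hashes in the Triage report and look for UPX
packing indicators, using only the Python standard library."""
import hashlib
import struct
import sys

# Hashes as listed in the Triage report for NEAS.001f639668abaf3f2d66076646d541ba_JC.exe
REPORT_HASHES = {
    "md5": "001f639668abaf3f2d66076646d541ba",
    "sha1": "d101adf35bb817b935e1e32c29b52ccd5d465441",
    "sha256": "be9370081c5e23f5b3d812b8fa9ff6e4aab62f58e1ab39a50e660b1aa734d00f",
}

# Section names a stock UPX build writes; a modified build may rename them.
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}


def hash_bytes(data):
    """Return MD5/SHA1/SHA256 hex digests of the given bytes."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ("md5", "sha1", "sha256")}


def matches_report(data, report=REPORT_HASHES):
    """Compare each digest with the report; all True means you hold the same file."""
    actual = hash_bytes(data)
    return {algo: actual[algo] == expected.lower() for algo, expected in report.items()}


def pe_section_names(data):
    """Walk DOS header -> PE signature -> COFF header -> section table and return the
    section names. Returns [] for anything that is not a well-formed PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                                  # 20-byte COFF file header
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_optional = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_optional                    # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = table + i * 40                             # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            break                                        # truncated table: stop, do not raise
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def upx_indicators(data):
    """Two independent indicators: UPX-style section names and the 'UPX!' magic the
    packer writes near the headers. Either alone is suggestive; a modified build can
    strip both, so a negative result only means 'not stock UPX'."""
    names = pe_section_names(data)
    upx_sections = sorted(n for n in names if n.upper() in UPX_SECTION_NAMES)
    marker = b"UPX!" in data[:0x1000]
    return {
        "section_names": names,
        "upx_sections": upx_sections,
        "upx_marker": marker,
        "likely_upx": bool(upx_sections) or marker,
    }


def build_minimal_pe(section_names, with_marker):
    """Constructed test input (not a real sample): the smallest byte layout the parser
    above understands, with the requested section names and optional 'UPX!' magic."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)                  # e_lfanew = 0x40
    optional = struct.pack("<H", 0x10B) + b"\0" * (0xE0 - 2)               # PE32 magic, rest zero
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(optional), 0x102)
    sections = b"".join(n.encode("ascii").ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    trailer = b"UPX!" + b"\0" * 12 if with_marker else b"\0" * 16
    return dos + b"PE\0\0" + coff + optional + sections + trailer


if __name__ == "__main__":
    # Pass a file path to check a real sample; with no argument the constructed stub is used.
    path = sys.argv[1] if len(sys.argv) > 1 else None
    blob = open(path, "rb").read() if path else build_minimal_pe(["UPX0", "UPX1", ".rsrc"], True)
    print("hash match:", matches_report(blob))
    print("upx:", upx_indicators(blob))
```

Run it as `python check_sample.py NEAS.001f639668abaf3f2d66076646d541ba_JC.exe` (script name assumed). A full hash match tells you the file you are about to detonate or unpack is the one the report describes; for the UPX check, the section names are the usual tell, but the sandbox signature explicitly covers modified UPX, so absence of UPX0/UPX1 is not proof the sample is unpacked.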

MITRE ATT&CK Enterprise v15

Tasks