Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    NEAS.f0d0ab5855bb495d99d1e138ae4896b0.exe

  • Size

    127KB

  • Sample

    231022-v4glnsce28

  • MD5

    f0d0ab5855bb495d99d1e138ae4896b0

  • SHA1

    5d5e8774da0556029e48d3ba2142a7d02109abf5

  • SHA256

    50d0e02307b3ba6d83bd28efb935b37c4f4dc7edb1b8e9cbdb3082d241a1e7b4

  • SHA512

    ae5854b4ce92395c7d656f6ff97b9e831327e0fded2a98d78d858d9cac373fa0851d2084db94375c2924407e979e30e3f7e7abd590196bcb02ac3d2820bfd692

  • SSDEEP

    3072:dOjWuyt0ZHqsXOKofHfHTXQLzgvnzHPowYbvrjD/L7QPbg/Dr0T3rnXLHf7zjPPL:dIH9OKofHfHTXQLzgvnzHPowYbvrjD/O

Malware Config

Targets

    • Target

      NEAS.f0d0ab5855bb495d99d1e138ae4896b0.exe

    • Size

      127KB

    • MD5

      f0d0ab5855bb495d99d1e138ae4896b0

    • SHA1

      5d5e8774da0556029e48d3ba2142a7d02109abf5

    • SHA256

      50d0e02307b3ba6d83bd28efb935b37c4f4dc7edb1b8e9cbdb3082d241a1e7b4

    • SHA512

      ae5854b4ce92395c7d656f6ff97b9e831327e0fded2a98d78d858d9cac373fa0851d2084db94375c2924407e979e30e3f7e7abd590196bcb02ac3d2820bfd692

    • SSDEEP

      3072:dOjWuyt0ZHqsXOKofHfHTXQLzgvnzHPowYbvrjD/L7QPbg/Dr0T3rnXLHf7zjPPL:dIH9OKofHfHTXQLzgvnzHPowYbvrjD/O

    • Drops file in Drivers directory

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks