Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe

  • Size

    705KB

  • Sample

    231022-v5j37abd7y

  • MD5

    ffcc689b6d3ebe5366a51a67a4c5e1c0

  • SHA1

    70f7ed898f6ea53cbde91a1e918e583f0ebdeb0d

  • SHA256

    855ce7c4f46d349c5ce1004802912b81ef2da3508de1512ef9c07acf3b947081

  • SHA512

    ec8d4bc2288b14724134ad92e894bba7da9b43a5ffd6cd6cfb6994c910beab40b9b16216928f2708d8243ca2c427a5ed2498efcb725c081abbff1848c1130f95

  • SSDEEP

    12288:VEQoSml0NHhuZQtQgPZZ44eHM2zb96iAES/2Jjrddk54qsPIiB0YKmPsrNGr:VhhTNZZ5eBz5xSgTy+gJOPWG

Malware Config

Targets

    • Target

      NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe

    • Size

      705KB

    • MD5

      ffcc689b6d3ebe5366a51a67a4c5e1c0

    • SHA1

      70f7ed898f6ea53cbde91a1e918e583f0ebdeb0d

    • SHA256

      855ce7c4f46d349c5ce1004802912b81ef2da3508de1512ef9c07acf3b947081

    • SHA512

      ec8d4bc2288b14724134ad92e894bba7da9b43a5ffd6cd6cfb6994c910beab40b9b16216928f2708d8243ca2c427a5ed2498efcb725c081abbff1848c1130f95

    • SSDEEP

      12288:VEQoSml0NHhuZQtQgPZZ44eHM2zb96iAES/2Jjrddk54qsPIiB0YKmPsrNGr:VhhTNZZ5eBz5xSgTy+gJOPWG

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.