General

  • Target

    NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe

  • Size

    705KB

  • Sample

    231022-v5j37abd7y

  • MD5

    ffcc689b6d3ebe5366a51a67a4c5e1c0

  • SHA1

    70f7ed898f6ea53cbde91a1e918e583f0ebdeb0d

  • SHA256

    855ce7c4f46d349c5ce1004802912b81ef2da3508de1512ef9c07acf3b947081

  • SHA512

    ec8d4bc2288b14724134ad92e894bba7da9b43a5ffd6cd6cfb6994c910beab40b9b16216928f2708d8243ca2c427a5ed2498efcb725c081abbff1848c1130f95

  • SSDEEP

    12288:VEQoSml0NHhuZQtQgPZZ44eHM2zb96iAES/2Jjrddk54qsPIiB0YKmPsrNGr:VhhTNZZ5eBz5xSgTy+gJOPWG

Targets

    • Target

      NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
