General

  • Target

    NEAS.03106a8f6ba6c7b7172b3c5bf07129d0.exe

  • Size

    5.6MB

  • Sample

    231028-wl8swadc4z

  • MD5

    03106a8f6ba6c7b7172b3c5bf07129d0

  • SHA1

    3f55d8d9978c6bd77e4a50fa8def1ae0955c773f

  • SHA256

    fc833521c8217cee92276e968b0360ab304d3e3a01053f63580d0139a8c0b13a

  • SHA512

    73b1486696527a901ba07e1a19a24bec34312b6f096bc5e8b302ca91b46cd0e5c80118debf78be0fe62f0c08e5181e282534ad6f7ee21d987e5ce9a21a9f6f5f

  • SSDEEP

    49152:Dc8+u/2bQC+NL2PmrkoCbGgdQMuzVZywWNSQy/E2LJuVzn1498B7MV33/q2kG1N6:vkj4L2obbTcT1B83vdr0Ol/Wy5i

Targets

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.
