General

  • Target

    NEAS.cec3bc2a6f0e1011becd5df92117b710_JC.exe

  • Size

    376KB

  • Sample

    231031-y85qvafe69

  • MD5

    cec3bc2a6f0e1011becd5df92117b710

  • SHA1

    86df3f63439875a751ae4644ebe89df53fde3250

  • SHA256

    3887ef3c315b9d6f44469d14fe239a7d65c735786fe588f8f8fcec0adb8cd96b

  • SHA512

    428572fea7fd12e220f632a803f65a427ec8d9790a65a3b55a29397ab49a6e38431e1f1b61327dd839f97e7645b6d8f7fa5e228f933b9014edb3f70c4a1cee07

  • SSDEEP

    6144:jVTarW9Q2dU6VPAKovnQUvmmAF7J77777S40X0p:jVmrW9HZPGvnQUvmmAF7J77777SnX0p

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.tripod.com
  • Port:
    21
  • Username:
    onthelinux
  • Password:
    741852abc

Targets

    • Target

      NEAS.cec3bc2a6f0e1011becd5df92117b710_JC.exe

    Score
    10/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL
