General
Target: NEAS.cec3bc2a6f0e1011becd5df92117b710_JC.exe
Size: 376KB
Sample: 231031-y85qvafe69
MD5: cec3bc2a6f0e1011becd5df92117b710
SHA1: 86df3f63439875a751ae4644ebe89df53fde3250
SHA256: 3887ef3c315b9d6f44469d14fe239a7d65c735786fe588f8f8fcec0adb8cd96b
SHA512: 428572fea7fd12e220f632a803f65a427ec8d9790a65a3b55a29397ab49a6e38431e1f1b61327dd839f97e7645b6d8f7fa5e228f933b9014edb3f70c4a1cee07
SSDEEP: 6144:jVTarW9Q2dU6VPAKovnQUvmmAF7J77777S40X0p:jVmrW9HZPGvnQUvmmAF7J77777SnX0p
Static task: static1
Behavioral task: behavioral1
Sample: NEAS.cec3bc2a6f0e1011becd5df92117b710_JC.exe
Resource: win7-20231025-en
Behavioral task: behavioral2
Sample: NEAS.cec3bc2a6f0e1011becd5df92117b710_JC.exe
Resource: win10v2004-20231020-en
Malware Config
Extracted
Protocol: ftp
Host: ftp.tripod.com
Port: 21
Username: onthelinux
Password: 741852abc
Targets
Target: NEAS.cec3bc2a6f0e1011becd5df92117b710_JC.exe
Score: 10/10
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL