General

  • Target

    NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe

  • Size

    192KB

  • Sample

    231101-mqfs8afb6t

  • MD5

    632a99ee39c4c6495cfb061b7a2ce450

  • SHA1

    9a7f5b8edd73a4cf4d6db26d6f343b472507cb11

  • SHA256

    77b0257adedde817246480017f013da08807671582ba85e6a08a47c619b81e38

  • SHA512

    467a196f162d1c609f52880aa39c7326a2878f381498b94dec7a88d2fbb1e332221e5d780fcd1925b4a62f064ad8b5beed252727f65c90a436eb1cb84bddf1d0

  • SSDEEP

    3072:y9jbLl/gvQoutE1Tj4mYWR/Rew24pRB+5UVsZcPVY5wP5KjD5VBXi:0jluQoSuIo5R+4Z+5Gcc0jjtVBS

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks