General

  • Target

    NEAS.c9b9d9a1b8def6b02ed9ddad9baba4c0.exe

  • Size

    1.8MB

  • Sample

    231101-rnc2rsfg9z

  • MD5

    c9b9d9a1b8def6b02ed9ddad9baba4c0

  • SHA1

    65edaef6b9997873e913581db6912db74b16c8e5

  • SHA256

    cbaf69969689d310a9a5f2d69862cada5ac11910946375e4995e6fbf1939a7cd

  • SHA512

    8b8a9dfb3c708db61e5a0ca8f7e0bfb24c17765e109234d446cfceaf0e5ac57d683d9f45a4d876d112f7c5f30c985e6ba210aed257a01a5dc653c206ce40e431

  • SSDEEP

    49152:Na0b26eHVNoT05oDZna0w+yDXCtuvsrZDOm+RanrJmj:NaaFeHV+qoDdHymtYQtmj

Targets

    • Target

      NEAS.c9b9d9a1b8def6b02ed9ddad9baba4c0.exe

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified version of it.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
