General

  • Target

    NEAS.bd14904a859d70d3bdab8d80cae6a6b0.exe

  • Size

    94KB

  • Sample

    231102-ylabesgd74

  • MD5

    bd14904a859d70d3bdab8d80cae6a6b0

  • SHA1

    c9fee830fa05464aa4342a8ee72c19a7de439bb4

  • SHA256

    a36e73500b00d29e707a00e886d8e7a1194f185baafd930063ba304b49a82c73

  • SHA512

    395a8812c8d2bb4ad3960eb9ab6f8e28a955c6fed399f0e973098e4a625214d9c8dabe07604e293ec77473dee4adfa96489d2ff013526bcf45883473fd9c5bf7

  • SSDEEP

    1536:laK4RNx6nb4RoIw/vvBSxXsral6x2aE0zLve2yESXGTBcvt8UaKW40AEEo:IK4RNx6nb4RoIw/XBSeral6oaE0HGnvC

Malware Config

Targets

    • Target

      NEAS.bd14904a859d70d3bdab8d80cae6a6b0.exe

    • Blocklisted process makes network request

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks