General

  • Target

    NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe

  • Size

    918KB

  • Sample

    231107-ybfepagc55

  • MD5

    449cd0af42dcd2d9bf2b3e0bf44e2000

  • SHA1

    c942821020ba22930800e4a24f39a6611e2a0ea3

  • SHA256

    de237cb5fcd9ddad3eec1eb3719675c758722892fe0979eb1b540dc0bcc0dff4

  • SHA512

    61d6f8218d0ea02dbc5f3a1eb3d38caf3b61e96e463c21c37f82645823348df2ac90bd673c2d9df1cf63a68d13f8dfce72ad8ec730637b717efbc5c4fb93d2ee

  • SSDEEP

    12288:VEQoSfqTGAZBhImCzVM9uKR+UPDJnawML/YsInbN6GCRUooCAMITJN9SUtqLqWVP:VezdCBjKoUPDgwM8ssJ6G9MIEUczl

Targets

    • Target

      NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
