General

  • Target

    NEAS.f96d72c2ec720db9b8cca7ce9f403390.exe

  • Size

    426KB

  • Sample

    231117-fvzcssfd93

  • MD5

    f96d72c2ec720db9b8cca7ce9f403390

  • SHA1

    212f374f6de532eab335d9efd95d02d7df6c704c

  • SHA256

    07f8c94a943d14c0691d3dd5a36037f63cac62f378ec80338c52995e357e8e12

  • SHA512

    675bef417900d5ce1c78d7373c4efc977e700c8f1be2b7ef95f08083adfaf2757f1eb5394fd13eafef67b2470dd1b59b952c3f5667ec9736f58e8dbf3c2b75af

  • SSDEEP

    3072:0ChJgYMm4xf9cU9KQ2BxA59SPMsOo6n2f0YK0FN8lpSUyKncAxi2/:8YMm4xiWKQ2BiCMMZK03kNcAT/

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.tripod.com
  • Port:
    21
  • Username:
    onthelinux
  • Password:
    741852abc

Targets

    • Target

      NEAS.f96d72c2ec720db9b8cca7ce9f403390.exe

    Score
    10/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL
