General
Target: NEAS.f96d72c2ec720db9b8cca7ce9f403390.exe
Size: 426KB
Sample: 231117-fvzcssfd93
MD5: f96d72c2ec720db9b8cca7ce9f403390
SHA1: 212f374f6de532eab335d9efd95d02d7df6c704c
SHA256: 07f8c94a943d14c0691d3dd5a36037f63cac62f378ec80338c52995e357e8e12
SHA512: 675bef417900d5ce1c78d7373c4efc977e700c8f1be2b7ef95f08083adfaf2757f1eb5394fd13eafef67b2470dd1b59b952c3f5667ec9736f58e8dbf3c2b75af
SSDEEP: 3072:0ChJgYMm4xf9cU9KQ2BxA59SPMsOo6n2f0YK0FN8lpSUyKncAxi2/:8YMm4xiWKQ2BiCMMZK03kNcAT/
Static task: static1
Behavioral task: behavioral1
Sample: NEAS.f96d72c2ec720db9b8cca7ce9f403390.exe
Resource: win7-20231020-en
Behavioral task: behavioral2
Sample: NEAS.f96d72c2ec720db9b8cca7ce9f403390.exe
Resource: win10v2004-20231020-en
Malware Config
Extracted
Protocol: ftp
Host: ftp.tripod.com
Port: 21
Username: onthelinux
Password: 741852abc
Targets
Target: NEAS.f96d72c2ec720db9b8cca7ce9f403390.exe
Score: 10/10
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL