General

  • Target

    NEAS.d8362873ab63b6d1228a8b981b16fa1f.exe

  • Size

    145KB

  • Sample

    231117-vgz5habd56

  • MD5

    d8362873ab63b6d1228a8b981b16fa1f

  • SHA1

    9b1872d88a7dabbc6ea63c67e3f9b064b3b98e82

  • SHA256

    d6efb5e23cd8124846e34b9adf07e1f12b1e2f06d5a5f7c05b712b26d4c71709

  • SHA512

    8abd8ab4446d9b273d2324f19379633f1d21ae928224191a3f22043f1cc5dd3d18149de03dde8f90fbc4d9f95374285e91891d2e58108f282ba93320783e846a

  • SSDEEP

    768:P/5inm+cd5rHemPXkqUEphjVuvios1rPr4adL0NqlJMU60+ppQ1TTGfL/G:PRsvcdcQjosnvnZ6LQ1E/G

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.tripod.com
  • Port:
    21
  • Username:
    griptoloji
  • Password:
    741852

Targets

    • Target

      NEAS.d8362873ab63b6d1228a8b981b16fa1f.exe

    Score
    10/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL
