General
Target: NEAS.d8362873ab63b6d1228a8b981b16fa1f.exe
Size: 145KB
Sample: 231117-vgz5habd56
MD5: d8362873ab63b6d1228a8b981b16fa1f
SHA1: 9b1872d88a7dabbc6ea63c67e3f9b064b3b98e82
SHA256: d6efb5e23cd8124846e34b9adf07e1f12b1e2f06d5a5f7c05b712b26d4c71709
SHA512: 8abd8ab4446d9b273d2324f19379633f1d21ae928224191a3f22043f1cc5dd3d18149de03dde8f90fbc4d9f95374285e91891d2e58108f282ba93320783e846a
SSDEEP: 768:P/5inm+cd5rHemPXkqUEphjVuvios1rPr4adL0NqlJMU60+ppQ1TTGfL/G:PRsvcdcQjosnvnZ6LQ1E/G
Static task: static1
Behavioral task: behavioral1
Sample: NEAS.d8362873ab63b6d1228a8b981b16fa1f.exe
Resource: win7-20231023-en
Behavioral task: behavioral2
Sample: NEAS.d8362873ab63b6d1228a8b981b16fa1f.exe
Resource: win10v2004-20231023-en
Malware Config
Extracted
Protocol: ftp
Host: ftp.tripod.com
Port: 21
Username: griptoloji
Password: 741852
Targets
Target: NEAS.d8362873ab63b6d1228a8b981b16fa1f.exe
Score: 10/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL