Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Resubmissions

14/02/2024, 03:14

240214-drczaafe3s 6

13/02/2024, 22:25

240213-2b1bmsbg82 6

General

  • Target

    Nezur (1).zip

  • Size

    477KB

  • Sample

    240213-2b1bmsbg82

  • MD5

    299ae221cfd986385576228b45c3e076

  • SHA1

    6b533e1fe33d7e67bbe58c64997a81c49308e9a4

  • SHA256

    b21f293030df8c3706f999d014d0e31c7673e07dd45e813e23ce80c606bd74cc

  • SHA512

    36732d46253feba81fed54fd7d0317ea2c8cb76306ba03f5d8c452d262d07c850c3c5d38e53c3ef01010e83918ea987258e4b15674f84cfba39db80105206efe

  • SSDEEP

    12288:eiN+cU0Yz3jBL75xwc4XscIFl4zA6fzvBLLkwRy:RKjRdxwr81FlQxfDxLkd

Score
6/10

Malware Config

Targets

    • Target

      Nezur (1).zip

    • Size

      477KB

    • MD5

      299ae221cfd986385576228b45c3e076

    • SHA1

      6b533e1fe33d7e67bbe58c64997a81c49308e9a4

    • SHA256

      b21f293030df8c3706f999d014d0e31c7673e07dd45e813e23ce80c606bd74cc

    • SHA512

      36732d46253feba81fed54fd7d0317ea2c8cb76306ba03f5d8c452d262d07c850c3c5d38e53c3ef01010e83918ea987258e4b15674f84cfba39db80105206efe

    • SSDEEP

      12288:eiN+cU0Yz3jBL75xwc4XscIFl4zA6fzvBLLkwRy:RKjRdxwr81FlQxfDxLkd

    Score
    1/10
    • Target

      Nezur.exe

    • Size

      89KB

    • MD5

      dd98a43cb27efd5bcc29efb23fdd6ca5

    • SHA1

      38f621f3f0df5764938015b56ecfa54948dde8f5

    • SHA256

      1cf20b8449ea84c684822a5e8ab3672213072db8267061537d1ce4ec2c30c42a

    • SHA512

      871a2079892b1eb54cb761aebd500ac8da96489c3071c32a3dab00200f74f4e12b9ab6c62623c53aea5b8be3fc031fb1b3e628ffe15d73323d917083240742b0

    • SSDEEP

      1536:Ee7h7q/J6K3nHC+AGUob2f0DBFPbPWNPWp350NHcHkDsWqxcd2ZPSAv:Ee7oU8HC+AGUu2abPbPWQpO8E0A2tSAv

    Score
    1/10
    • Target

      README.txt

    • Size

      928B

    • MD5

      4a696fefeef0bae73a3358e7bba47413

    • SHA1

      da4ba272db35131c93af20d019d10502c80485a5

    • SHA256

      dc45080b1009ad874227ef73d1cadfc8ee13eb9778d49830da102af248b6f067

    • SHA512

      5be178f006d42816b2c5ef237bdc117058d624561318393e4e75ec36e12c2349e8fb8f3c0a9bcefd78891b0cbb4e57a8e27542b79af6af474b40a5a2b1c06382

    Score
    1/10
    • Target

      auto_load.txt

    • Size

      187KB

    • MD5

      1e6b9406fd84312cb2bbd29293f1a344

    • SHA1

      543a81b1e1934c1cf0232a20869c428727a25454

    • SHA256

      cf63912c3b3ccfacd48e8c35fc5fdd401135e6d56978fc0012ce86b0a4a81e0f

    • SHA512

      a977e8e98734da9624c92ce2bd2ae3b2f3d3b910a961339aa223a00828536e979b8b6b603ddf7952e2625b1ae26d1e2931aa4c6dfa47de9908b536780d06767f

    • SSDEEP

      3072:q2L5e0kaEmW57RygMEAm73Gut+rA9b6/uh58tR+gbT71BcTEtYZK:p5V05NyREAm73yrAdj8//1OGYZK

    Score
    1/10
    • Target

      configs/autosave.cfg

    • Size

      916B

    • MD5

      024ab27dfe02dbcd5357528ac4dbe028

    • SHA1

      2f2b7df7b4557e274d4255cebd65d6d7c125cf95

    • SHA256

      c029522bb51f2eea602e3818be4b495282cc2d8da92421f8bf3ced7dc46098bd

    • SHA512

      f87d48447e5663be7e63f7f7934d33c795f2201acc753720bbf77af49cf8ab44b6f9618a2a22dd8f08a5d67424ca0c7c566b15b3f172edc34af4b29a23b5d137

    Score
    3/10
    • Target

      lua51.dll

    • Size

      592KB

    • MD5

      3dff7448b43fcfb4dc65e0040b0ffb88

    • SHA1

      583cdab08519d99f49234965ffd07688ccf52c56

    • SHA256

      ff976f6e965e3793e278fa9bf5e80b9b226a0b3932b9da764bffc8e41e6cdb60

    • SHA512

      cdcbe0ec9ddd6b605161e3c30ce3de721f1333fce85985e88928086b1578435dc67373c3dc3492ed8eae0d63987cac633aa4099b205989dcbb91cbbfc8f6a394

    • SSDEEP

      12288:rs7/mj/73RaLHIW5BmUeUhoE4RgiF1q1bPIBKsg4Db0S:rc/u/7IoRnUKfq1Dl4DY

    Score
    3/10
    • Target

      start.bat

    • Size

      548B

    • MD5

      12c37bf6537bfdf93b80c31f6d1391b2

    • SHA1

      43df564e4988008f3e97167837f58f1452cf3d13

    • SHA256

      cab7b8973dd5f7252af6a1a080deec442acd1e6bdd6c7476bd73e39553751222

    • SHA512

      c59645da2377ec2eb8c4ca75174379134dc657741ee324fc6fd38170b9704852bf136a919fe0363ea85befe61e8838ef74dad07e365392d8f8f6462bb1ba75f9

    Score
    6/10
    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks