Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    tmp

  • Size

    1.3MB

  • Sample

    240304-qpm3pabc5y

  • MD5

    77b0a4cc8efa2b582c0fd137858e9ef5

  • SHA1

    6a7ab92f3859819d06d3decdfdf4f2d6cbf5a433

  • SHA256

    2b1e90bc6f9776e3f4d0f8883a9f3f6a1654827883dc67dd0c3a5581b27d38ba

  • SHA512

    ab4e2c1b5ae5fa7d1bd133c1d70fe61f43174ecd89f0594d143d0f3ae23d5c39f5e8c12562dc5e1a9ce7bb0c773d792e52b952fd58f62ece336aa18847722eec

  • SSDEEP

    24576:EtnO5wUAGYcb5PL1brHUCMdr6Z64AfAQn652WO3pAh:GG1Yevbr0ldr6ZEnckAh

Malware Config

Targets

    • Target

      tmp

    • Size

      1.3MB

    • MD5

      77b0a4cc8efa2b582c0fd137858e9ef5

    • SHA1

      6a7ab92f3859819d06d3decdfdf4f2d6cbf5a433

    • SHA256

      2b1e90bc6f9776e3f4d0f8883a9f3f6a1654827883dc67dd0c3a5581b27d38ba

    • SHA512

      ab4e2c1b5ae5fa7d1bd133c1d70fe61f43174ecd89f0594d143d0f3ae23d5c39f5e8c12562dc5e1a9ce7bb0c773d792e52b952fd58f62ece336aa18847722eec

    • SSDEEP

      24576:EtnO5wUAGYcb5PL1brHUCMdr6Z64AfAQn652WO3pAh:GG1Yevbr0ldr6ZEnckAh

    • Detect Neshta payload

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Enterprise v15

Tasks