General

  • Target

    c28d6e7c2dee7ccd4f510f7eb74df970_NEIKI

  • Size

    116KB

  • Sample

    240508-edxl7shc2t

  • MD5

    c28d6e7c2dee7ccd4f510f7eb74df970

  • SHA1

    cee2accfaf217517a6faf0431dc034a85ab506bb

  • SHA256

    e2161e1707d8880dd8eee7ad460add4dea30c8ac7e2b5ed51554a533753f3f72

  • SHA512

    b2263c92cf36aafd4d09ddae36c47c7b4482f999e43dd4344ce3da8894e6b9251c4be69afe2218c8bf38a783d4bb3ebb3d58b256c42052026bcbe56edae70ef4

  • SSDEEP

    1536:aJUGCqveEeXdTeG4wu6oQuwEhQQWKXJR721rSTdk/cpAKdlaKrorkgA55i:aHFveEyTAK7VKXXS1GT7AKzaKrtP55i

Targets

    • Target

      c28d6e7c2dee7ccd4f510f7eb74df970_NEIKI

    • Size

      116KB

    • Blocklisted process makes network request

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
