Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
575b492dde6a22eb32d5bb2c146054a0_NEIKI
-
Size
4.0MB
-
Sample
240508-z3gmhaad22
-
MD5
575b492dde6a22eb32d5bb2c146054a0
-
SHA1
b508611429e8e63a87c6e47459ee72917a82a091
-
SHA256
211c254f45f6fb09fe27227a46fe7f4cccfb3468362acc250fa2db0197d60886
-
SHA512
140d8827182fa99d5545995003a09322e10da4a4f64616c231eb070fc982b0b64c99708492a2e25fa9cd172791d80e300aa2f986e3804728553badb633e694e6
-
SSDEEP
98304:AdL9xWLs1Esvx3VRy2XOwnqoQyVHXoblgL74+7e:AzwM5S2X9qM3oqLU+7e
Static task
static1
Behavioral task
behavioral1
Sample
575b492dde6a22eb32d5bb2c146054a0_NEIKI.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
575b492dde6a22eb32d5bb2c146054a0_NEIKI.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
socks5systemz
51.159.66.125
217.23.6.51
151.80.38.159
217.23.9.168
37.187.122.227
-
rc4_key
heyfg645fdhwi
Targets
-
-
Target
575b492dde6a22eb32d5bb2c146054a0_NEIKI
-
Size
4.0MB
-
MD5
575b492dde6a22eb32d5bb2c146054a0
-
SHA1
b508611429e8e63a87c6e47459ee72917a82a091
-
SHA256
211c254f45f6fb09fe27227a46fe7f4cccfb3468362acc250fa2db0197d60886
-
SHA512
140d8827182fa99d5545995003a09322e10da4a4f64616c231eb070fc982b0b64c99708492a2e25fa9cd172791d80e300aa2f986e3804728553badb633e694e6
-
SSDEEP
98304:AdL9xWLs1Esvx3VRy2XOwnqoQyVHXoblgL74+7e:AzwM5S2X9qM3oqLU+7e
Score10/10-
Detect Socks5Systemz Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-