General

  • Target

    2124e51506f793c9ea126540cacc2d70_NeikiAnalytics

  • Size

    145KB

  • Sample

    240510-2r33gaec6w

  • MD5

    2124e51506f793c9ea126540cacc2d70

  • SHA1

    ade375bf96fdfd13528d0abac8be1c1202f2f537

  • SHA256

    36f50a5d66dd97d4a4015cf91993cc6434d00896b45bbf6a5b2a26c83c556d33

  • SHA512

    70f2236a305bf29071771b64c94d08b994bf4b747dedffbf6018cbc2a541361efd65b7c0b6d6ef86698d6647e39bec923b0df0e40a6be14b8f88332bc8ce004d

  • SSDEEP

    1536:+fxvtgixq7OstjzjW6ZdjtETzR77i11GAbRp0BGiEA0O0o:+HIa6KTdNAbzSGiN0OJ

Targets

    • Target

      2124e51506f793c9ea126540cacc2d70_NeikiAnalytics

    • Blocklisted process makes network request

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
