General

  • Target

    49ba7e406e599fe608b92966f76afcd0_NeikiAnalytics

  • Size

    170KB

  • Sample

    240510-cpxegada7v

  • MD5

    49ba7e406e599fe608b92966f76afcd0

  • SHA1

    d6bbe65642cc08d6b18a2bd15b040f4d342845fc

  • SHA256

    7ef1b76752bbc8f2e96be2e402c146b3ffa238fcee011a926e53a1b921e70039

  • SHA512

    a3bc9c3bc5323ea31ebcfa5252e3c3377d427a268cf1f2bb76cb4c1d3c93fb4b77bf9b1d3f2b4f6b3350e9b066033952ac90d19de8a1e59305427c886a99a92f

  • SSDEEP

    3072:djzhZWxivgmhbI/pqqsFUCN3R9MI+Q7KJLjIsWEvCK886g4our84hoUS8NIF+bp3:dXC4vgmhbIxs3NBR7MnW+B6g4ourV8Ud

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
