General

  • Target

    0304ffc8aa8410101029a1785051ef30_NeikiAnalytics

  • Size

    118KB

  • Sample

    240510-rzthwsba3t

  • MD5

    0304ffc8aa8410101029a1785051ef30

  • SHA1

    1693db8621e8834e70729bc5fb8eef531ce7aca2

  • SHA256

    29637eb025a05b18f5a2c77830df95d61f3dac9a52056d013af6b3e05b0436d4

  • SHA512

    8a5ffe09037ffc68edc34dd3ec53a4752f38798279e5d6422a8ad5c28ff81b7adfa56b21476b75bbee8d33fedd3e2abdf2ff905119c8606dfa77b731feb157b7

  • SSDEEP

    3072:GOjWuyt0ZsqsXOKofHfHTXQLzgvnzHPowYbvrjD/L7QPbg/Dr0T3rnXLHf7zjPPb:GIs9OKofHfHTXQLzgvnzHPowYbvrjD/m

Malware Config

Targets

    • Target

      0304ffc8aa8410101029a1785051ef30_NeikiAnalytics

    • Size

      118KB

    • MD5

      0304ffc8aa8410101029a1785051ef30

    • SHA1

      1693db8621e8834e70729bc5fb8eef531ce7aca2

    • SHA256

      29637eb025a05b18f5a2c77830df95d61f3dac9a52056d013af6b3e05b0436d4

    • SHA512

      8a5ffe09037ffc68edc34dd3ec53a4752f38798279e5d6422a8ad5c28ff81b7adfa56b21476b75bbee8d33fedd3e2abdf2ff905119c8606dfa77b731feb157b7

    • SSDEEP

      3072:GOjWuyt0ZsqsXOKofHfHTXQLzgvnzHPowYbvrjD/L7QPbg/Dr0T3rnXLHf7zjPPb:GIs9OKofHfHTXQLzgvnzHPowYbvrjD/m

    • Drops file in Drivers directory

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks