Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics

  • Size

    821KB

  • Sample

    240513-wf1v3sgg36

  • MD5

    c04f3e8305d716dfe959f5e1481d77a0

  • SHA1

    7805690c0525f44fb663269d9581dd9093e405c9

  • SHA256

    f27d2fae6b3839ea442c63354ad68be5714a3dc4974c8367211e54a86fea6a62

  • SHA512

    de38edafce02aa38f803ce927512d90f7e2437a66541136fb87ec28a520707372cf419db199bd08d8949f6a6375806a9b2d5569d9761a87c1348936a0fb7f20e

  • SSDEEP

    12288:0EQoSCG2bT2gnPc8hAWyNoa6irY/ejMjTyDcEQRTY8off0hHOS9/t0fXj0Meh:0CvcDXNoa6ic/2iTyDART430ES12w

Malware Config

Targets

    • Target

      c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics

    • Size

      821KB

    • MD5

      c04f3e8305d716dfe959f5e1481d77a0

    • SHA1

      7805690c0525f44fb663269d9581dd9093e405c9

    • SHA256

      f27d2fae6b3839ea442c63354ad68be5714a3dc4974c8367211e54a86fea6a62

    • SHA512

      de38edafce02aa38f803ce927512d90f7e2437a66541136fb87ec28a520707372cf419db199bd08d8949f6a6375806a9b2d5569d9761a87c1348936a0fb7f20e

    • SSDEEP

      12288:0EQoSCG2bT2gnPc8hAWyNoa6irY/ejMjTyDcEQRTY8off0hHOS9/t0fXj0Meh:0CvcDXNoa6ic/2iTyDART430ES12w

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks