Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    1065005c1e4f2e65aaab7c6a4187a8b0_NeikiAnalytics

  • Size

    276KB

  • Sample

    240513-y1d8xscb3w

  • MD5

    1065005c1e4f2e65aaab7c6a4187a8b0

  • SHA1

    7bcdb9505c6c13dffdf5e1ac7b8bd371a46ba627

  • SHA256

    7ab3eb25abe219404418d6ab09c5da0780b1f1654320e25e2d217b0e01abb229

  • SHA512

    e741c82159078d54347c96684aff6525ef1c2d48f71a16b77dde6ad06016c9ab74d3e3fd4a249453bf2339eb15e255927d7ceee03541d61031b5c09814684d3b

  • SSDEEP

    6144:CE4rib+K6Zpa4C4jLvkjbtMjvpbYZ651NN+uBSTZ5D:ClibsZpa4Nkje9j2Yat

Score
10/10

Malware Config

Targets

    • Target

      1065005c1e4f2e65aaab7c6a4187a8b0_NeikiAnalytics

    • Size

      276KB

    • MD5

      1065005c1e4f2e65aaab7c6a4187a8b0

    • SHA1

      7bcdb9505c6c13dffdf5e1ac7b8bd371a46ba627

    • SHA256

      7ab3eb25abe219404418d6ab09c5da0780b1f1654320e25e2d217b0e01abb229

    • SHA512

      e741c82159078d54347c96684aff6525ef1c2d48f71a16b77dde6ad06016c9ab74d3e3fd4a249453bf2339eb15e255927d7ceee03541d61031b5c09814684d3b

    • SSDEEP

      6144:CE4rib+K6Zpa4C4jLvkjbtMjvpbYZ651NN+uBSTZ5D:ClibsZpa4Nkje9j2Yat

    Score
    10/10
    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks