General

  • Target

    c7941ddb367c6d18dfeda0aa2f38e3b0_NeikiAnalytics

  • Size

    66KB

  • Sample

    240514-p82jragc5s

  • MD5

    c7941ddb367c6d18dfeda0aa2f38e3b0

  • SHA1

    cfec0f7d77e4660f041b49f1b4bcf8d594f6c1b0

  • SHA256

    b85cf426b273c087d5da9ed474d7aea16b546d5f42fab4a199f63a6240b0a50d

  • SHA512

    60ccbba71070f5e053cbe20343fefe343ba17b6c87139e5f2cf04ca4f758cf593b7c0f2d318a65f83ecfa010087d4c2983db5ac2d6608ba4aeab3d3c7097f710

  • SSDEEP

    1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUPqrDZh:ymb3NkkiQ3mdBjF0yUm/

Targets

    • Target

      c7941ddb367c6d18dfeda0aa2f38e3b0_NeikiAnalytics

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified version of it.
