General

  • Target

    7c738f47a48ae019fbc126a5af29ce20_NeikiAnalytics

  • Size

    88KB

  • Sample

    240516-cmjetsgb68

  • MD5

    7c738f47a48ae019fbc126a5af29ce20

  • SHA1

    cebfde1971048795e89eb908ca64586713773756

  • SHA256

    890948a0e6a52cf01668ed43fee0813dc8d7231de7f6dff7a3b1dfa3e9819959

  • SHA512

    f4047df961c651df4352902c82d6e320a0146f7ae97ed8b2aa438a5c51b498a6c3347bfd0fc2143543472049bb6fc79f7ba91989610b57f215d958896e26b90b

  • SSDEEP

    1536:5+4hkM3Yz8wMZhUD2XsjEQWOSkE+Ct6WKBex3GWU5FkWp+AmQwKGSZhCQbIo/tSz:dq6OLM3QasY5Ft71fqWWp+efG4hCQra

Targets

    • Target

      7c738f47a48ae019fbc126a5af29ce20_NeikiAnalytics

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
