General
-
Target
e450334557d6d45d2a873e648cdf1b50_NeikiAnalytics
-
Size
8.5MB
-
Sample
240516-tj656acg49
-
MD5
e450334557d6d45d2a873e648cdf1b50
-
SHA1
aee26beb05128e839d0279e779ce7cef283ef2b5
-
SHA256
a1732b9038446d9d600bb8413ca86eccf1272e26844f4b65632c22189c80f7e5
-
SHA512
4cd8ac4fa2ec37530eb9c1de4b699aafda43b8d3d86624d592995d49a574662931650e14a333c0bea754fde3bfd76295988375e31b7ff2786d3205b92d7fdb31
-
SSDEEP
196608:0yEbq8kKU1qXD0QwAIYfIFtCe8lN4XuWEA1HaugJKvgabfT8z//QTDQsNkEC1:0mK8qjwAaCe8f4eWVYKoabfT6QT0s2E6
Static task
static1
Behavioral task
behavioral1
Sample
e450334557d6d45d2a873e648cdf1b50_NeikiAnalytics.exe
Resource
win7-20240508-en
Malware Config
Targets
-
Target
e450334557d6d45d2a873e648cdf1b50_NeikiAnalytics
-
Gh0st RAT payload
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-