General

  • Target: e450334557d6d45d2a873e648cdf1b50_NeikiAnalytics

  • Size: 8.5MB

  • Sample: 240516-tj656acg49

  • MD5: e450334557d6d45d2a873e648cdf1b50

  • SHA1: aee26beb05128e839d0279e779ce7cef283ef2b5

  • SHA256: a1732b9038446d9d600bb8413ca86eccf1272e26844f4b65632c22189c80f7e5

  • SHA512: 4cd8ac4fa2ec37530eb9c1de4b699aafda43b8d3d86624d592995d49a574662931650e14a333c0bea754fde3bfd76295988375e31b7ff2786d3205b92d7fdb31

  • SSDEEP: 196608:0yEbq8kKU1qXD0QwAIYfIFtCe8lN4XuWEA1HaugJKvgabfT8z//QTDQsNkEC1:0mK8qjwAaCe8f4eWVYKoabfT6QT0s2E6

Malware Config

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file that uses ACProtect software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks