Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    2eca7433ec9b1b18d9500a69d8699790_NeikiAnalytics.exe

  • Size

    355KB

  • Sample

    240517-zghyfaaa4y

  • MD5

    2eca7433ec9b1b18d9500a69d8699790

  • SHA1

    54c2e6091297fe0b52f52a6d10c1b42d42ad2f00

  • SHA256

    f903e135a65eb8054aa175ae64f9bbaf89e317967ef03c6f9819f2847a9ca67f

  • SHA512

    ce0a2c309049b8d2e109ff4f93621c020026bc0fefe0c8071f5752a0def589aaa228794d400d097f4b38d7120013f5c1300be723cd87d4569bd61b7bc638a6f2

  • SSDEEP

    6144:/qvk3Q5ibjnNuuXckaL7pbRBkce97aw/N4L7ov:/qvMQ5ibjnwka3pbRC19Gw/Nsov

Score
10/10

Malware Config

Targets

    • Target

      2eca7433ec9b1b18d9500a69d8699790_NeikiAnalytics.exe

    • Size

      355KB

    • MD5

      2eca7433ec9b1b18d9500a69d8699790

    • SHA1

      54c2e6091297fe0b52f52a6d10c1b42d42ad2f00

    • SHA256

      f903e135a65eb8054aa175ae64f9bbaf89e317967ef03c6f9819f2847a9ca67f

    • SHA512

      ce0a2c309049b8d2e109ff4f93621c020026bc0fefe0c8071f5752a0def589aaa228794d400d097f4b38d7120013f5c1300be723cd87d4569bd61b7bc638a6f2

    • SSDEEP

      6144:/qvk3Q5ibjnNuuXckaL7pbRBkce97aw/N4L7ov:/qvMQ5ibjnwka3pbRC19Gw/Nsov

    Score
    10/10
    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks