General

  • Target

    3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe

  • Size

    1.9MB

  • Sample

    240625-hjsrzsycrp

  • MD5

    195a5ce451e07889730aa5ed64a5d030

  • SHA1

    e21ee756c39f47a3ae3445746ad347dcf09d4fcb

  • SHA256

    3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73

  • SHA512

    636edad0a1c989f2dbdb6008d6e631dcf3d96aafc39aa202c33f3934afaaacff3ad765fb2aeae8b700c2ed740840b90400374e520e39e3250a001e86408b7625

  • SSDEEP

    49152:hIfp89ejJVw9lfuILYotLDqKzPV7vVPY6+z57EIUCUDd4UyD5wr:ufCcjJFr6t75g7up40

Malware Config

Targets

    • Target

      3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
