General

  • Target

    490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe

  • Size

    1.4MB

  • Sample

    240625-kl64hasepn

  • MD5

    8af00c79c5fbd11d9cb3ed0264c43610

  • SHA1

    c5bd7f5e695946dcad1747469881c328180b0374

  • SHA256

    490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156

  • SHA512

    f36449c7bcf3b6e6e5db5a3caea5e71b01f2210b0397016dd436aeb15bb182fae70efeac664bf72fc2a492e3b3a9412e61509ae82382a3b739249a529f364969

  • SSDEEP

    24576:2wVX7kwr8SMMy5BhSUgJEXzQL6v3B8AEwZd44JsGPSElKt3pHVqPC4:hVX7kwrjyzhSUg+XzQLO3BJEzuLXMt36

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks