Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
-
Size
756KB
-
Sample
240625-lljtmsveqj
-
MD5
6a20e50e8c3c85f918fc964fd12acea0
-
SHA1
de54a7ce54602a244a28364c19343a7de4b4df57
-
SHA256
4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461
-
SHA512
0d72d6dbf41931c8967180a31b17d2cdc49056f58eb75de19e151dd772b87635961a4af9b3a4d46c9eb5778dabe679b0d4b9b1d922c5d76b8738f3aa5555abe5
-
SSDEEP
12288:dXCNi9BJ/Xf96WhYWr7HDqdtE1TeErjGO9Z2XyVm/u3L7HQfMYIWyFZesDtkekyh:oWJ/Xf9r9r7jOtEheEFP6yVyub7H5/rr
Malware Config
Targets
-
-
Target
4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
-
Size
756KB
-
MD5
6a20e50e8c3c85f918fc964fd12acea0
-
SHA1
de54a7ce54602a244a28364c19343a7de4b4df57
-
SHA256
4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461
-
SHA512
0d72d6dbf41931c8967180a31b17d2cdc49056f58eb75de19e151dd772b87635961a4af9b3a4d46c9eb5778dabe679b0d4b9b1d922c5d76b8738f3aa5555abe5
-
SSDEEP
12288:dXCNi9BJ/Xf96WhYWr7HDqdtE1TeErjGO9Z2XyVm/u3L7HQfMYIWyFZesDtkekyh:oWJ/Xf9r9r7jOtEheEFP6yVyub7H5/rr
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-