General

  • Target

    2d777a12f1d80948f2dabf6757e943807cd4157481ff2d97e3e1496b4ee82fc0_NeikiAnalytics.exe

  • Size

    1.8MB

  • Sample

    240626-a2hqqstend

  • MD5

    2c38dd36fe478e9fdb59f96f0afc75e0

  • SHA1

    bd99d94db9d84e83e9ffcd07f6bf18ac5f7e83e5

  • SHA256

    2d777a12f1d80948f2dabf6757e943807cd4157481ff2d97e3e1496b4ee82fc0

  • SHA512

    a2f6c91800a9a99b6dc49e1f1a1d72fbdf1062d274de33ddb6d59c94d28695d15db937a323425ca987944e573cdc5e0d39271f2df4be9919c155df72aa971774

  • SSDEEP

    49152:hfaMapc/G4I+SOzKBsmx5wVP+r+3ibbW9dkQ:QElfsxOVP+G3TT

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
