General

  • Target

    84d2219c13d2f85c9ec73e1f33232762230da8cf92098d7cd9fae268170d1cb3_NeikiAnalytics.exe

  • Size

    311KB

  • Sample

    240627-plz3eatdmr

  • MD5

    ed895d83d4d240f6347034aaf962f7f0

  • SHA1

    9e128d10939b2db45ddab95e0e9b8bf3d1fae651

  • SHA256

    84d2219c13d2f85c9ec73e1f33232762230da8cf92098d7cd9fae268170d1cb3

  • SHA512

    6162467adf4bfb4446150d2c951516869298fd2a5407c96a424eda7b1393f441811eb9f30fd282580e7b921193a1f6103ebb475e04d0a1369185ccb6fd559d3d

  • SSDEEP

    6144:NQZXVRBpE3hetT5tBTyTmYokr12Hd1x2Ezp87G9Aen7u91zjTTy9:EVRTE3het1yJh2HduH7GqjTy9

Targets

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
