General

  • Target

    92e4b860eddef38deefb66714841d66f488bfc8aa536b9afbe65428489e114ae_NeikiAnalytics.exe

  • Size

    68KB

  • Sample

    240628-mcmdvatgme

  • MD5

    c83e60fd26bba4078d2a8bd361d93d20

  • SHA1

    d7dbdf9a2a354e8396eabba8ba66eee47efd54bc

  • SHA256

    92e4b860eddef38deefb66714841d66f488bfc8aa536b9afbe65428489e114ae

  • SHA512

    80b621d9e21f54d824723c656238d7dbaf11476b3f6251769ac9c8c5e72086a614bef91c55b4a208cb804cb6faa571e12d8dc913aaa35f96646fd665ee13020a

  • SSDEEP

    1536:CdXkE87nccOtwqsIcGIjAPdrl88QpFk0cb:uUE87cxtplAKri8WKb

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.tripod.com
  • Port:
    21
  • Username:
    onthelinux
  • Password:
    741852abc

Targets

    • Target

      92e4b860eddef38deefb66714841d66f488bfc8aa536b9afbe65428489e114ae_NeikiAnalytics.exe

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
