General

  • Target

    92385ec9bdc503608b66e50a120a3f6ac226ef4d8998e84a2efdaee47f8d6b62_NeikiAnalytics.exe

  • Size

    1.6MB

  • Sample

    240629-k4k9ravbjc

  • MD5

    17a0700e7617fd8c881240e6ffb08ab0

  • SHA1

    43f10e0aa633cffa8d9cce59b180d34be29bcea5

  • SHA256

    92385ec9bdc503608b66e50a120a3f6ac226ef4d8998e84a2efdaee47f8d6b62

  • SHA512

    b7f4b92126ca75cb83be80c7bbaf5f86d1540823a3ca2e0e6e500ddbf4d9e98017e8f04abf29820648129e6a047d17c0de86c24575a14542f7a8db0c5e0862a8

  • SSDEEP

    24576:lJpvLitaW4+a6GqaUB1cagibr2vL7XAC06svyx5dHdAFw3wUYGclD3PI9yeRRII:fpfd76Btc2eMLyZHO+ADXbPI9FRh

Malware Config

Targets

    • Target

      92385ec9bdc503608b66e50a120a3f6ac226ef4d8998e84a2efdaee47f8d6b62_NeikiAnalytics.exe

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks