General

  • Target

    b63bb79c57bf2f8a91ad512f309a5fd44596c5f57a840ed59f9200cb09ddd983_NeikiAnalytics.exe

  • Size

    274KB

  • Sample

    240629-wnemtawamq

  • MD5

    665e74ffe2d50c5727ce8d60e7d68750

  • SHA1

    bd46e6b4169d0e99d308626a58381d20e63227bf

  • SHA256

    b63bb79c57bf2f8a91ad512f309a5fd44596c5f57a840ed59f9200cb09ddd983

  • SHA512

    ec0dae28073645e8bcf31a9065d902dd1032d1304d06356137b5d7e5ad631f8517a08472c277e005c0fe104a507fe2f75b8fa54fe20797a72c387a079d61d742

  • SSDEEP

    6144:A//ICMmDRxs3NBRoXMpbGljMxFjAIJZ0UiPQkLxcETJG4PhoIgP+:A//vi9B6D9MbjA+W5Y89J7

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
