General

  • Target

    558275f2578e6ae6bdad91329b8e0990N.exe

  • Size

    146KB

  • Sample

    240902-dgqgma1ckf

  • MD5

    558275f2578e6ae6bdad91329b8e0990

  • SHA1

    a0ca2410f43daeb5c042b381b51529da9a2403ce

  • SHA256

    ee6bab81dd604bb6cd020049568f21d24f6afaa5719be6b6f37bfcde1e2ccbaf

  • SHA512

    e1822760663f22810420bba79467be341c85f77deb80dafdaa05773460697cf7e49f4fcaefafbdd763031b247028baa5b118446c2bdeeb962f7a0f59b20d972e

  • SSDEEP

    3072:sr85CkkbAYn2GgYlBYN2fHYTo+Jt8wDSRUTPV:k9xbAMpgY3gTb8DRUT9

Targets

    • Target

      558275f2578e6ae6bdad91329b8e0990N.exe

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.
