Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

NeonToolV3.exe

windows7-x64

7

NeonToolV3.exe

windows10-2004-x64

9

discord_to...er.pyc

windows7-x64

3

discord_to...er.pyc

windows10-2004-x64

3

get_cookies.pyc

windows7-x64

3

get_cookies.pyc

windows10-2004-x64

3

misc.pyc

windows7-x64

3

misc.pyc

windows10-2004-x64

3

passwords_grabber.pyc

windows7-x64

3

passwords_grabber.pyc

windows10-2004-x64

3

source_prepared.pyc

windows7-x64

3

source_prepared.pyc

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NeonToolV3.exe

  • Size

    84.4MB

  • Sample

    250323-j345sst1as

  • MD5

    cf7fdb52e1becb981a44fb696d19e65f

  • SHA1

    5dc995b9a82516d4ee31dcec7c06c945d1bc3a97

  • SHA256

    530f08f4c0fdd69377f813ae431a221e10979f4d012855723630ab92cf6f4f7d

  • SHA512

    cd18b555b9583e39c58de5bb01a6bd540ea62fd61cb6b92e5c5bb342ddceb4658d053327ad3087937fe186df6cb3f71d87aef65c5085eb9d3b6a68a88401f82d

  • SSDEEP

    1572864:BtIupuqVjlVWXILP4OkiqOv8im2ARGE7TlhpBBRgiYweyJulZUdgk7ZLCPmVXPe:IYFbCILgOknOv8i3K7LpnRZpug7tfe

Score
10/10
pysilondefense_evasiondiscoveryexecutionpersistencepyinstallerupx

Malware Config

Targets

    • Target

      NeonToolV3.exe

    • Size

      84.4MB

    • MD5

      cf7fdb52e1becb981a44fb696d19e65f

    • SHA1

      5dc995b9a82516d4ee31dcec7c06c945d1bc3a97

    • SHA256

      530f08f4c0fdd69377f813ae431a221e10979f4d012855723630ab92cf6f4f7d

    • SHA512

      cd18b555b9583e39c58de5bb01a6bd540ea62fd61cb6b92e5c5bb342ddceb4658d053327ad3087937fe186df6cb3f71d87aef65c5085eb9d3b6a68a88401f82d

    • SSDEEP

      1572864:BtIupuqVjlVWXILP4OkiqOv8im2ARGE7TlhpBBRgiYweyJulZUdgk7ZLCPmVXPe:IYFbCILgOknOv8i3K7LpnRZpug7tfe

    Score
    9/10
    upxdefense_evasionexecutionpersistence

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      defense_evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

    • Target

      discord_token_grabber.pyc

    • Size

      15KB

    • MD5

      41b4d2cf404c0c18695bb00f11c0b71b

    • SHA1

      d3890fe6891f235105822cb517c458584e0b3d0e

    • SHA256

      64f2e24979e7aaa6e0a6c5e9f6aebf5708a3e2c97e1247129a0d42b9e2be145c

    • SHA512

      52b28336f05d433e29c71a593ada77dc8fc3848538f118982f9b690dd8b4e3d3f9e974ed825f092c6e75136e66a12f575d0f0eb19f0ded3cbfa72b5f591473fd

    • SSDEEP

      384:nGC7RYmnXavELPJrltcshntQ5s6a2holHVA:nGCuvEL9ltcsttQ5s6aCgHVA

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      get_cookies.pyc

    • Size

      9KB

    • MD5

      3723ca2ab941180c7e9ee955c84787b4

    • SHA1

      260e052041dfb7b9f9345cbc658f08ffc311fceb

    • SHA256

      dffcee11552a1347d7ec86d302ae7c11aa823fe656bd94d10a73c02b956609f4

    • SHA512

      b23ad6cade52c631f29a04316ad764df24c542f5515457556748ac4bdc4ebef0de1363682c5077e9c48437475229680f9f7634c48b31c0fc066380b880a44633

    • SSDEEP

      96:nlNatj7BMMKiNW8Zxh9ybA6HUWc4/xIgBZFLjH2K8BXFxUBvF/A7qx3slMFztwXX:lNaBBeiNR9QfUF2x3NC79F21aG6qDAhN

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      misc.pyc

    • Size

      4KB

    • MD5

      c42e089e863f6e8137098c45fceab40e

    • SHA1

      6518578e7b5f2480492334238b84ad3be5b1380c

    • SHA256

      62c5f58bfd4b9cee38e6b973ed8000eda063488096380acf6ab7264f8c1df76c

    • SHA512

      9e8ccd4383728166faf22c3f10fd471388ef8084c5e000e9fe58241c6ef4b9abd23a29de032a69a332ff41c852fcf786941ccf4ddfac1b4cb28b6251ab4942f5

    • SSDEEP

      96:XSMlhlvyznDweHPF8+VB7sHIZGQSWfvmyyZ1k9zhub:iolvyz8evq+VBXZGQlvmV1k5hub

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      passwords_grabber.pyc

    • Size

      7KB

    • MD5

      d23a91aebc53fb0d013c182fc10a569e

    • SHA1

      2fe4680de0ddafad84c4cf69d5427674ee2f49d9

    • SHA256

      5fd25ed5ea1de4064160ee4559dfba63fe1e4b86fd631c388581ddebfc975b7d

    • SHA512

      97c4aeb2d64469d6d469066bfa24135ad9351f79cbafe5f97ccdbc4e8d759684789f10efe08f50db0d33b8a923b0d9bb6c4ad6d49aadc938472781fd37ca0024

    • SSDEEP

      192:A114qWLlhuUIxDPK2cMHJb+XUhitovgEuz:64qWLlMFyVMHAE/4

    Score
    3/10
    discovery
    behavioral10behavioral9

    • Target

      source_prepared.pyc

    • Size

      172KB

    • MD5

      8eae70a8b1e7bb730a20e51ef9850e9f

    • SHA1

      d89c546150a41a2f76073a0ec5bc463a432d265b

    • SHA256

      00f9a7591cc45056e7a51cf6fc573d2a9f44fa72a7de604aed7d114787f6184a

    • SHA512

      b45de3b274097e473904c0fb823c76ad04af622ec86ce95d8c7e9bf9c6e422f91e4f91e335f7b451715b5acb65b985af8baf7088ea51a4d6ca57a9a074756a23

    • SSDEEP

      3072:nFfyAC0aOO2rG1VST/ovPZTerUScdQQV+C/iIvdXzprsTxw:ndC0aOO2rGa/o0j8SChse

    Score
    3/10
    discovery
    behavioral11behavioral12

MITRE ATT&CK Enterprise v15

Tasks