tria.ge (urlscan Public Scan)
IP: 2606:4700:4400::ac40:9370
URL: https://tria.ge/240517-p2zrkshg91
Submission: On December 12 via api from IN — Scanned from DE
Form analysis: 0 forms found in the DOM

Text Content
GENERAL
* Target: bjj.zip
* Size: 1.2MB
* Sample: 240517-p2zrkshg91
* MD5: d4f3aac49d3433b577e108b9073175d4
* SHA1: 914d3cd38d92e1f73d60c649b08ae3ab65447ad7
* SHA256: 93342ba29bb4352232870a25963ee5574fa7d78b29f20776cf8f13dc51432785
* SHA512: d2e847d9353bb9af80231b16460a6a87187058701b1cbb181e23dc201df58715a8e6f1f35772590ace81be76ea6da0ecdf6f9672beb9a2ba766e7afc2f520daa
* SSDEEP: 24576:40zEarfEA0zj/WHdEJ8VAvEiNcYRxq1dkPK2M5k3egc6Wckj1X:VTrKW6Oueck1CPKR8egZ5kR
* Score: 10/10
* Tags: neshta, evasion

TASK LIST
* Static task static1: tag neshta, 3 signatures
* Behavioral task behavioral1: sample "3. Scan network drives/9.1 Finder.exe", resource win10v2004-20240508-en, platform windows10-2004-x64, 2 signatures, 150 seconds
* Behavioral task behavioral2: sample "3. Scan network drives/9.2 NS.exe", resource win10v2004-20240508-en, platform windows10-2004-x64, 0 signatures, 150 seconds
* Behavioral task behavioral3: sample "Open_file@tutanota.com.exe", resource win10v2004-20240426-en, tag evasion, platform windows10-2004-x64, 6 signatures, 150 seconds

MALWARE CONFIG
(no entries listed)

TARGETS

Target: 3. Scan network drives/9.1 Finder.exe
* Size: 125KB
* MD5: 597de376b1f80c06d501415dd973dcec
* SHA1: 629c9649ced38fd815124221b80c9d9c59a85e74
* SHA256: f47e3555461472f23ab4766e4d5b6f6fd260e335a6abc31b860e569a720a5446
* SHA512: 072565912208e97cc691e1a102e32fd6c243b5a3f8047a159e97aabbe302bddc36f3c52cecde3b506151bc89e0f3b5acf6552a82d83dac6e0180c873d36d3f6b
* SSDEEP: 1536:Vc4Kvp6PWy/6oU2cpzLWJst+cYsu0TXSkdlgNPldqxFktvVg49jvvck1y40sWjcu:Vc3GJQ56et+cT7SoeNdqbMfN7TId
* Score: 6/10
* Signatures (behavioral1):
  * ENUMERATES CONNECTED DRIVES: Attempts to read the root path of hard drives other than the default C: drive.

Target: 3. Scan network drives/9.2 NS.exe
* Size: 113KB
* MD5: 869420f42c9448924f935e5c1e2d9949
* SHA1: f628f11e39d2ce90e49de8774df40a248a6abcff
* SHA256: 3da3b704547f6f4a1497107e78856d434a408306b92ba7c6e270c7c9790aa576
* SHA512: c272bc1fe3dd8cace08b4c5315dd481820e25fc72d177d9ff450622d1d7f0f2b54afa179cfb6d473ff0c349f672a330f5945bcdddc6b3142c4dbe10e9d1b2bed
* SSDEEP: 1536:dcI+4BLSk6cMj+zlh/MHjibsu0y1P3q0LE4sCjYjUJG+fMgOQMcbFh169dsWjcdl:WIi0NXS2cm/qSE18Y44m5Fh4c3V
* Score: 1/10
* Signatures (behavioral2): none

Target: Open_file@tutanota.com.exe
* Size: 1.3MB
* MD5: 7c81770eee7776811ccbf01584262ca7
* SHA1: 5632f27158227ec4b6b6910133cebe035dc20bcb
* SHA256: 153a11e6dfe886a1950c874309f33cee72411bce30d283ece10b8f2d5870ca03
* SHA512: 39c515bc26ff320d8bfd07311ac927c5b68bac0b1b29b5f83235502f811b969b45edb6980656ac704b1963f562662f799a5275ca8c2f289d9d508f11a6c30437
* SSDEEP: 24576:/FkxWGzCNdJpSFyI/GRX15UELFv9tJm4BYUeOdeuAo8v2+74Ws3Nm30Y:exqmywGH5UK7AHLUNi3
* Score: 8/10
* Tags: evasion
* Signatures (behavioral3):
  * MODIFIES WINDOWS FIREWALL (evasion)
  * LEGITIMATE HOSTING SERVICES ABUSED FOR MALWARE HOSTING/C2
  * LOOKS UP EXTERNAL IP ADDRESS VIA WEB SERVICE: Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK ENTERPRISE V15
* Reconnaissance: none
* Resource Development: none
* Initial Access: none
* Execution: none
* Persistence: Create or Modify System Process (T1543) 1; Windows Service (T1543.003) 1
* Privilege Escalation: Create or Modify System Process (T1543) 1; Windows Service (T1543.003) 1
* Defense Evasion: Impair Defenses (T1562) 1; Disable or Modify System Firewall (T1562.004) 1
* Credential Access: none
* Discovery: Peripheral Device Discovery (T1120) 1; Query Registry (T1012) 1; System Information Discovery (T1082) 1
* Lateral Movement: none
* Collection: none
* Command and Control: Web Service (T1102) 1
* Exfiltration: none
* Impact: none

TASKS
* STATIC1: neshta, Score 10/10
* BEHAVIORAL1: Score 6/10
* BEHAVIORAL2: Score 1/10
* BEHAVIORAL3: evasion, Score 8/10

© 2018-2024