tria.ge
2606:4700:4400::ac40:9370 Public Scan

URL: https://tria.ge/240517-p2zrkshg91
Submission: On December 12 via api from IN — Scanned from DE



GENERAL

 * Target: bjj.zip
 * Size: 1.2MB
 * Sample: 240517-p2zrkshg91
 * MD5: d4f3aac49d3433b577e108b9073175d4
 * SHA1: 914d3cd38d92e1f73d60c649b08ae3ab65447ad7
 * SHA256: 93342ba29bb4352232870a25963ee5574fa7d78b29f20776cf8f13dc51432785
 * SHA512: d2e847d9353bb9af80231b16460a6a87187058701b1cbb181e23dc201df58715a8e6f1f35772590ace81be76ea6da0ecdf6f9672beb9a2ba766e7afc2f520daa
 * SSDEEP: 24576:40zEarfEA0zj/WHdEJ8VAvEiNcYRxq1dkPK2M5k3egc6Wckj1X:VTrKW6Oueck1CPKR8egZ5kR

Score: 10/10
Tags: neshta, evasion

Static task: static1
 * Tags: neshta
 * 3 signatures

Behavioral task: behavioral1
 * Sample: 3. Scan network drives/9.1 Finder.exe
 * Resource: win10v2004-20240508-en
 * Platform: windows10-2004-x64
 * 2 signatures
 * 150 seconds

Behavioral task: behavioral2
 * Sample: 3. Scan network drives/9.2 NS.exe
 * Resource: win10v2004-20240508-en
 * Platform: windows10-2004-x64
 * 0 signatures
 * 150 seconds

Behavioral task: behavioral3
 * Sample: Open_file@tutanota.com.exe
 * Resource: win10v2004-20240426-en
 * Tags: evasion
 * Platform: windows10-2004-x64
 * 6 signatures
 * 150 seconds

MALWARE CONFIG



TARGETS

 * Target: 3. Scan network drives/9.1 Finder.exe
    * Size: 125KB
    * MD5: 597de376b1f80c06d501415dd973dcec
    * SHA1: 629c9649ced38fd815124221b80c9d9c59a85e74
    * SHA256: f47e3555461472f23ab4766e4d5b6f6fd260e335a6abc31b860e569a720a5446
    * SHA512: 072565912208e97cc691e1a102e32fd6c243b5a3f8047a159e97aabbe302bddc36f3c52cecde3b506151bc89e0f3b5acf6552a82d83dac6e0180c873d36d3f6b
    * SSDEEP: 1536:Vc4Kvp6PWy/6oU2cpzLWJst+cYsu0TXSkdlgNPldqxFktvVg49jvvck1y40sWjcu:Vc3GJQ56et+cT7SoeNdqbMfN7TId
    * Score: 6/10
    * Signatures:
       * ENUMERATES CONNECTED DRIVES: Attempts to read the root path of hard drives other than the default C: drive.
    * Task: behavioral1

 * Target: 3. Scan network drives/9.2 NS.exe
    * Size: 113KB
    * MD5: 869420f42c9448924f935e5c1e2d9949
    * SHA1: f628f11e39d2ce90e49de8774df40a248a6abcff
    * SHA256: 3da3b704547f6f4a1497107e78856d434a408306b92ba7c6e270c7c9790aa576
    * SHA512: c272bc1fe3dd8cace08b4c5315dd481820e25fc72d177d9ff450622d1d7f0f2b54afa179cfb6d473ff0c349f672a330f5945bcdddc6b3142c4dbe10e9d1b2bed
    * SSDEEP: 1536:dcI+4BLSk6cMj+zlh/MHjibsu0y1P3q0LE4sCjYjUJG+fMgOQMcbFh169dsWjcdl:WIi0NXS2cm/qSE18Y44m5Fh4c3V
    * Score: 1/10
    * Signatures: none
    * Task: behavioral2

 * Target: Open_file@tutanota.com.exe
    * Size: 1.3MB
    * MD5: 7c81770eee7776811ccbf01584262ca7
    * SHA1: 5632f27158227ec4b6b6910133cebe035dc20bcb
    * SHA256: 153a11e6dfe886a1950c874309f33cee72411bce30d283ece10b8f2d5870ca03
    * SHA512: 39c515bc26ff320d8bfd07311ac927c5b68bac0b1b29b5f83235502f811b969b45edb6980656ac704b1963f562662f799a5275ca8c2f289d9d508f11a6c30437
    * SSDEEP: 24576:/FkxWGzCNdJpSFyI/GRX15UELFv9tJm4BYUeOdeuAo8v2+74Ws3Nm30Y:exqmywGH5UK7AHLUNi3
    * Score: 8/10
    * Tags: evasion
    * Signatures:
       * MODIFIES WINDOWS FIREWALL (tag: evasion)
       * LEGITIMATE HOSTING SERVICES ABUSED FOR MALWARE HOSTING/C2
       * LOOKS UP EXTERNAL IP ADDRESS VIA WEB SERVICE: Uses a legitimate IP lookup service to find the infected system's external IP.
    * Task: behavioral3


MITRE ATT&CK ENTERPRISE V15

Techniques mapped per tactic (number of matching signatures in parentheses):

 * Persistence
    * T1543 Create or Modify System Process (1)
    * T1543.003 Windows Service (1)
 * Privilege Escalation
    * T1543 Create or Modify System Process (1)
    * T1543.003 Windows Service (1)
 * Defense Evasion
    * T1562 Impair Defenses (1)
    * T1562.004 Disable or Modify System Firewall (1)
 * Discovery
    * T1120 Peripheral Device Discovery (1)
    * T1012 Query Registry (1)
    * T1082 System Information Discovery (1)
 * Command and Control
    * T1102 Web Service (1)

No techniques mapped: Reconnaissance, Resource Development, Initial Access, Execution, Credential Access, Lateral Movement, Collection, Exfiltration, Impact.

TASKS

 * STATIC1: neshta; Score 10/10
 * BEHAVIORAL1: Score 6/10
 * BEHAVIORAL2: Score 1/10
 * BEHAVIORAL3: evasion; Score 8/10



