General

  • Target

    otoke.vbs

  • Size

    27KB

  • Sample

    231012-2ns34adh8v

  • MD5

    ca04e20c7652a5ca78f73918591c2d87

  • SHA1

    1718223db20fa1383aef308f76aa87bae002d662

  • SHA256

    ffc7197524bf47757b756546e880c089875a549fddd20a5e1cef0d7e7b281c38

  • SHA512

    b2a6d36f2456007748b2125233e9a7e0206948bd841eb444f029edcb2c171409b25d1108c2643385bf762d1c291b4265ce7d57003b2f266e1c6d07750d0fd574

  • SSDEEP

    768:0QgdN5RyiUiK3IfJO37NwNGFFNWePDUirUif3IhBN6sEx:9Am

Score
10/10

Malware Config

Targets

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks