General
Target: otoke.vbs
Size: 27KB
Sample: 231012-2ns34adh8v
MD5: ca04e20c7652a5ca78f73918591c2d87
SHA1: 1718223db20fa1383aef308f76aa87bae002d662
SHA256: ffc7197524bf47757b756546e880c089875a549fddd20a5e1cef0d7e7b281c38
SHA512: b2a6d36f2456007748b2125233e9a7e0206948bd841eb444f029edcb2c171409b25d1108c2643385bf762d1c291b4265ce7d57003b2f266e1c6d07750d0fd574
SSDEEP: 768:0QgdN5RyiUiK3IfJO37NwNGFFNWePDUirUif3IhBN6sEx:9Am
Static task: static1
Behavioral task: behavioral1
Sample: otoke.vbs
Resource: win10v2004-20230915-es
Malware Config
Targets
Target: otoke.vbs
Score: 10/10
Suspicious use of NtCreateUserProcessOtherParentProcess
Blocklisted process makes network request
Downloads MZ/PE file
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Drops startup file
Executes dropped EXE
Suspicious use of SetThreadContext