General

  • Target

    run.vbs

  • Size

    269B

  • Sample

    231106-hlqemsbb75

  • MD5

    3dba029327dfd9f7166738e4d851cb8a

  • SHA1

    14c8f1078e934ae31a41eac643e9a1cca2ecf0c6

  • SHA256

    666131bf5ae20a64b55a835006afae921f20fc23923aeaf0d918ebb4718f8e4e

  • SHA512

    39585229250c8d48093fa78f5779d785efbaf41ac5829070f9316f2b95368b940f25d04f0c2a2aa4dac36c71172a9f426ed9dea01a8c7d7bbd01a7b16b943787

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

http://138.68.134.18/main.ps1

Targets

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.
