Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Okthabah.exe
-
Size
434KB
-
Sample
240516-v2byeafg62
-
MD5
66affb0ca8f6d6370cc61db763a1031f
-
SHA1
b1bb40419c56cb0418d7657f4fb9cfefca902d44
-
SHA256
68ac1c517be7a28e59ed717f6e2ed7b94f81ae595ded1454f38c928fbaad6b71
-
SHA512
b305a5de0b8c91d0a3f376ed71ca8f456cab74f993bf73c2cccee452a3ff54e7c50eaac13efc003ff8c531f35fb12f45334003ab1caffb95f137ff85800bce80
-
SSDEEP
12288:IR3eJ+U4Q9O1cj/jIkfLKi/0B9eK59c+4uzCf9uJWRU:o3eJ+Ung8/jIkf2taK59c+hO+EU
Static task
static1
Behavioral task
behavioral1
Sample
Okthabah.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
Okthabah.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
Onerosity240.ops
Resource
win7-20240419-en
Behavioral task
behavioral4
Sample
Onerosity240.ops
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
Okthabah.exe
-
Size
434KB
-
MD5
66affb0ca8f6d6370cc61db763a1031f
-
SHA1
b1bb40419c56cb0418d7657f4fb9cfefca902d44
-
SHA256
68ac1c517be7a28e59ed717f6e2ed7b94f81ae595ded1454f38c928fbaad6b71
-
SHA512
b305a5de0b8c91d0a3f376ed71ca8f456cab74f993bf73c2cccee452a3ff54e7c50eaac13efc003ff8c531f35fb12f45334003ab1caffb95f137ff85800bce80
-
SSDEEP
12288:IR3eJ+U4Q9O1cj/jIkfLKi/0B9eK59c+4uzCf9uJWRU:o3eJ+Ung8/jIkf2taK59c+hO+EU
Score8/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
Onerosity240.Ops
-
Size
50KB
-
MD5
6b4519b036b5b1961ff12ebb9bf92152
-
SHA1
d576508e86ec7e3c53bfbe8a68ee99b4e71fcc96
-
SHA256
45b0d4e32da65cc44236f47f60d3d86704890afc7eb8ef3770107525c428b976
-
SHA512
bb459f7cbe9d0498c4aaf8c8af0165c85bdecd99e218a37bf33e97fc30ba877d4d80db000cf34c8fce5e9ba29ff97b5a948adaae077f73cb5ed38b88ecb7440a
-
SSDEEP
768:X3rc5jEdhpUqZW9zTgsodGHghAJVcRI8Gogh3U5e0WJ05XdQUHFtbAGYZ9:HiYdmQIHgcVf8G9h3X0K0X2UltUd
Score3/10 -