General
Target: d6c42166e11a471b6c38d717461f566a183d5e1cd0264f84ec85a1ffedb1db84.unknown
Size: 1KB
Sample: 241009-wnqebavekf
MD5: 8d99e1d348c5f8fad79cc5f4ea2a3904
SHA1: 64eaa7a6972edf7473d7d3a605d054f0476a2429
SHA256: d6c42166e11a471b6c38d717461f566a183d5e1cd0264f84ec85a1ffedb1db84
SHA512: 677e9d4a550f64cdf921d3c422cf7195915597f4738ca24ccd9bfd10535cdec937b0fd80eba1f17273d9ec318c3ae09850dc651ea0d3785cb2910458aebe0194
Static task: static1
Behavioral task: behavioral1
Sample: E_receipt.vbs
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: E_receipt.vbs
Resource: win10v2004-20241007-en
Malware Config
Extracted
https://raw.githubusercontent.com/NoDetectOn/NoDetectOn/refs/heads/main/DetahNoth-V.txt
Targets
Target: E_receipt.vbs
Size: 3KB
MD5: 1f7229b717e61580e9baf2830ee7afd0
SHA1: 98ade23ab27475f6d62f97a45b76b247075ff421
SHA256: fa4cc3e867b36269dab9161f078565ff9048ac55ea6dccb8a39b5e156009eabf
SHA512: ed233c408b5e7f6948756ff6a7585733055de3ccb3b0408aed31b543a5da722f5e0de949cce3fef1dc22be07aa481205efd5aa2c99959195b3c6ed758e7715f3
Score: 10/10
Blocklisted process makes network request
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Legitimate hosting services abused for malware hosting/C2