General

  • Target

    nicetokissthebestthingsiwantotgetmebackwith.hta

  • Size

    130KB

  • Sample

    241017-rcnzwszgkc

  • MD5

    b581033fd1ba02c7724802d3ccda9b5b

  • SHA1

    ad4484b11cfd436200542cc8e4fbaebcb7491bf8

  • SHA256

    008009858f9248a8d5f220f5f4a999438ec8c6218e97560ccde06b35cebd3fe4

  • SHA512

    12c49b5ace4caf4ee56726ab8c19ace2e95f5a8c5478edd9f3076dcd3a659f6aa0240fbad95083657512cb22a4d8c5d0f57c1374e1dddc90f7f56389daac8d47

  • SSDEEP

    192:Ea2xiqX85ziqI8o33MAEyNiqIiqaH8niqyCT:UxR85za88MZ0Kw8nX

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs

    ps1.dropper

    https://raw.githubusercontent.com/CryptersAndToolsOficial/ZIP/refs/heads/main/DetahNote_V.jpg%20

    exe.dropper

    https://raw.githubusercontent.com/CryptersAndToolsOficial/ZIP/refs/heads/main/DetahNote_V.jpg%20

Targets

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Evasion via Device Credential Deployment

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Legitimate hosting services abused for malware hosting/C2
