
General

  • Target: Comprovante-KMvy71.zip
  • Size: 26.5MB
  • Sample: 230630-qtjaasea6z
  • MD5: e806b8e03ca4f582f67624ae90b0a854
  • SHA1: e8059e6b46723a842e228f6cbaf0ea2052360778
  • SHA256: 3f757d7f910a2397042fa3734b085791329036b31f161e6b6fd585491af48661
  • SHA512: 6ba4ca5ad35fa8f56c34d14fe8c4d404244abdc0255e5a63c88aefeee7ceeb4f6dac7406cfe7faf8b1b78656e74ec132b18c304b302b81ee27b2f79d7ff31d74
  • SSDEEP: 786432:h1XESyxz1agrRYhs+3qnli1Z51ZO4pey/X11IJIQ9642YHl:h1X7yxzvlYhs+3TDYJIQ96kl
  • Score: 7/10

Malware Config

Targets

    • Target: Comprovante-.msi
    • Size: 27.2MB
    • MD5: 88c4c70a1e2896f7c4b378bb25f607ae
    • SHA1: d3e096fa83fdbcfe4b5a29f45cf3e0eb635e2ce4
    • SHA256: ac4e8acc2086f745b274ee623dd109cf76dabc51f26e758e069a23f9e3c671a4
    • SHA512: 00da809e92a321893995b872407220f25091cfcc7010a9cee81152e43ce3153e51c75ef49b1bf9120668152131b64460b56f90f0b8a6af92545509ebd93b44db
    • SSDEEP: 786432:88+kFjTmEfzC10uri5N2tlZLToAb0ABPnBejA0R0IKk1L:89kFjPrC10ubHBOjA0R0QL
    • Score: 7/10

    Behaviours observed:

    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application
    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.
    • Legitimate hosting services abused for malware hosting/C2
    • Suspicious use of NtSetInformationThreadHideFromDebugger
