General
Target: VoiceMod-Full-Version-Setup.zip
Size: 27.5MB
Sample: 240730-kazv2szela
MD5: 877eb37ea80f10570de05fb3b9b4b290
SHA1: 85559ff8c2a3a346e2da1d53051f213469cb386c
SHA256: 2bad639d0a1f90525ad56b31641b3bd5fe1310079d1e6abd6bc7889cdc1ff3f5
SHA512: f2e224d03cf210f228f9ae2f4597653bf82a001a4650b0645c64adfe9df829b9691c1bd393cdecb90bfb681c002138dd098cff0cede1bb0805f625ba9e78407e
SSDEEP: 786432:MSmSdoK5sxdV0OrywXGvgW2OHDjRom/pEdiN:bmoVGxdV0O7It2OjjRHxck
Behavioral task: behavioral1
Sample: VoiceMod-Full-Version-Setup/Voicemod_setup.exe
Resource: win10-20240404-en
Behavioral task: behavioral2
Sample: VoiceMod-Full-Version-Setup/Voicemod_setup.exe
Resource: win11-20240729-en
Malware Config
Extracted
C:\3R9qG8i3Z.README.txt
https://t.me/mr_robot_unlock
Targets
Target: VoiceMod-Full-Version-Setup/Voicemod_setup.exe
Size: 146KB
MD5: 3d49478072bf18339ef810c8ea7546b2
SHA1: c1047d72d4cdce21af4bb989ad1bee437edb7f80
SHA256: e3300e30997c5a355f02ca6972711b2ca843d00a393b62c75818a43c27ff128d
SHA512: f47f6a1c51b92cc34a1dc264bc2b151690f1c314c5f97b08530e9efd6929c860985f9410f411cb31e0f3acd75b8969e4791ca9fb080901f6f4cb70322255a91c
SSDEEP: 3072:A6glyuxE4GsUPnliByocWepU0DxwbL2LUnPaZw:A6gDBGpvEByocWeTDxOL2LScw
Score: 10/10
Renames multiple (570) files with added filename extension
    This suggests ransomware activity of encrypting all the files on the system.
Deletes itself
Executes dropped EXE
Drops desktop.ini file(s)
Indicator Removal: File Deletion
    Adversaries may delete files left behind by the actions of their intrusion activity.
Drops file in System32 directory
Sets desktop wallpaper using registry
Suspicious use of NtSetInformationThreadHideFromDebugger