Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
bbc[1].bin.zip
-
Size
74KB
-
Sample
210204-ly3zbkesme
-
MD5
829756303b52c23a6b89ee5d0c06098a
-
SHA1
a9373a5f1135b57500dd3d420a8f559852130345
-
SHA256
f42f289579c0ea0fb6e03342144718ac553d8f157155bd854084719291be84e8
-
SHA512
50b6009bf3ec6d1f33ee722a908d7a05503df41956b75963f90c9e56ad90b2d78b4b2e9918ba6421ea471095ea1f879b2cb10197aedb80a854b84974fb18df4a
Score
10/10
Malware Config
Extracted
Path
C:\Users\Admin\AppData\Local\Temp\RESTORE_FILES_INFO.txt
Ransom Note
Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
We also downloaded your corporate files (databases, tables, accounting information, etc.) and we will have to publish them if you do not agree to cooperation.
To get this software you need write on our e-mail: [email protected]
Reserve e-mail address to contact us: [email protected]
Key Identifier:
e6T+KEs17/kRgMH/kQhnlx8WNKXYY2gMkcuTkUPyeuQSo9kkn6XQNYwIhK+gn2v9L4bXpg9x5KkZfo3z6E2ZBTKJKZBCzYCZn8+HBraX1txaeHOnQU4t8XPD4X04kAtC5/h/yIAhoNSDLj2PEE0A17DLoEQ06HQyDgfRCoNyhbXvOyHRL95fDEBzIFGpvqXGwtYV9U5RTr6E/8ryes0m0Bfv7U5AuDLS9HUzRxsMts9aeXC+2e6HgOnx5ljujwUSpkO5IbHmC4avfNIPomLjwLRSbnUFfaybWRAltLswZZ0BJR63jSp8b4/Ds/mp0728Ij4OoAvqC7VzEyp/YmTwMmCJvz/aYRcwdHRjSzh0GxxK2B+MFQvDArhbTmjKEJ8Hpm2L81SlIQpyn3zSzv28W18b7o++/VDrRyjkVAK6+qMBrqO2nfXoKM7XDkNrUT5U2JHDQ1vKtGOK4GxpDY5u3zyUC6mbhsWNp77QGr77M51pE0BSoYGvS6wGRUwdTUEN8XoZr0X2s2df0pAY3ka7niAXloEwL27BS1Z52h0NuQacgsOBzctM7nq9bqJ8LFMfqUgBFgQT4pm2zpvasRAMmt08FAoAbtBVaBZKVy6pH3HbDZV8aoOF2qdbN1ZfxvEpI7NngTDG5687WOnsvDiVGJulsQmRuyNoNbO+/sn8vq8=
Extracted
Path
C:\Users\Admin\Desktop\RESTORE_FILES_INFO.txt
Ransom Note
Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
We also downloaded your corporate files (databases, tables, accounting information, etc.) and we will have to publish them if you do not agree to cooperation.
To get this software you need write on our e-mail: [email protected]
Reserve e-mail address to contact us: [email protected]
Key Identifier:
e6T+KEs17/kRgMH/kQhnlx8WNKXYY2gMkcuTkUPyeuQSo9kkn6XQNYwIhK+gn2v9L4bXpg9x5KkZfo3z6E2ZBTKJKZBCzYCZn8+HBraX1txaeHOnQU4t8XPD4X04kAtC5/h/yIAhoNSDLj2PEE0A17DLoEQ06HQyDgfRCoNyhbXvOyHRL95fDEBzIFGpvqXGwtYV9U5RTr6E/8ryes0m0Bfv7U5AuDLS9HUzRxsMts9aeXC+2e6HgOnx5ljujwUSpkO5IbHmC4avfNIPomLjwLRSbnUFfaybWRAltLswZZ0BJR63jSp8b4/Ds/mp0728Ij4OoAvqC7VzEyp/YmTwMmCJvz/aYRcwdHRjSzh0GxxK2B+MFQvDArhbTmjKEJ8Hpm2L81SlIQpyn3zSzv28W18b7o++/VDrRyjkVAK6+qMBrqO2nfXoKM7XDkNrUT5U2JHDQ1vKtGOK4GxpDY5u3zyUC6mbhsWNp77QGr77M51pE0BSoYGvS6wGRUwdTUEN8XoZr0X2s2df0pAY3ka7niAXloEwL27BS1Z52h0NuQacgsOBzctM7nq9bqJ8LFMfqUgBFgQT4pm2zpvasRAMmt08FAoAbtBVaBZKVy6pH3HbDZV8aoOF2qdbN1ZfxvEpI7NngTDG5687WOnsvDiVGJulsQmRuyNoNbO+/sn8vq8=
Number of files that were processed is: 68
Extracted
Path
C:\Users\Admin\AppData\Local\Temp\RESTORE_FILES_INFO.txt
Ransom Note
Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
We also downloaded your corporate files (databases, tables, accounting information, etc.) and we will have to publish them if you do not agree to cooperation.
To get this software you need write on our e-mail: [email protected]
Reserve e-mail address to contact us: [email protected]
Key Identifier:
G9YzkxdhROX9K7TkivUhV5mz8r5i0LTEWio5Rme01VfPgwYQN1Pj6ZgRxBdIDdRJqsvxsOffZRq2edhIblNm0QMZDYHevK/w/b2muhKlbfydG2nXhUCwuKplSjR1Z6H/SzVYLWe83tVKPo85CwP+xVXLbhu/qEnEOPH0AX5UL6Np2G0d/cRkkIwfu/iUXnUwCzno9l2EYe+05ph7I6j4TGK5WWKcVhqEC8aZfhaD4UGRssHa+xPlIuQRAgwT4Yic5UsIxb0iz+s+VI6tZH169IAJipzoPdmxBA/mJH4h3CW+4As0WMTh1YuexPqR9Gn82FLdsP9EiX6McI0wVAAswYJ65wNXWhBa/9eFNZJuaUbzFPritH+I7fd7G0EeK4Jyczs2BoNWVnFRiQnvAy99yhONrptL3t6HCNS1U4+gDyH7+zIeds1efdwELRKkdPJV3xAPv0vRco9CTKIVfmYQpb668Zr905VOiyxaIqgEJYCRkzf9NTKpwE1vsZ2yCbzVHMVae/NVdvDsMK7BT2uGqTl2GTSZVAizpkQJxbV0V/V/YwaBhvMIoR0BuD4987n8vhgeD+9Ducd5sAOtjVt5UyRnVv/nlbveSqXlhPEu8bMjOH+K9BZOQ5yZKEGIgivqFpf+zJyO4qtp64jI66AmECq2aa2bywZ5JfzGXBOm3gE=
Extracted
Path
C:\Users\Admin\Desktop\RESTORE_FILES_INFO.txt
Ransom Note
Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
We also downloaded your corporate files (databases, tables, accounting information, etc.) and we will have to publish them if you do not agree to cooperation.
To get this software you need write on our e-mail: [email protected]
Reserve e-mail address to contact us: [email protected]
Key Identifier:
G9YzkxdhROX9K7TkivUhV5mz8r5i0LTEWio5Rme01VfPgwYQN1Pj6ZgRxBdIDdRJqsvxsOffZRq2edhIblNm0QMZDYHevK/w/b2muhKlbfydG2nXhUCwuKplSjR1Z6H/SzVYLWe83tVKPo85CwP+xVXLbhu/qEnEOPH0AX5UL6Np2G0d/cRkkIwfu/iUXnUwCzno9l2EYe+05ph7I6j4TGK5WWKcVhqEC8aZfhaD4UGRssHa+xPlIuQRAgwT4Yic5UsIxb0iz+s+VI6tZH169IAJipzoPdmxBA/mJH4h3CW+4As0WMTh1YuexPqR9Gn82FLdsP9EiX6McI0wVAAswYJ65wNXWhBa/9eFNZJuaUbzFPritH+I7fd7G0EeK4Jyczs2BoNWVnFRiQnvAy99yhONrptL3t6HCNS1U4+gDyH7+zIeds1efdwELRKkdPJV3xAPv0vRco9CTKIVfmYQpb668Zr905VOiyxaIqgEJYCRkzf9NTKpwE1vsZ2yCbzVHMVae/NVdvDsMK7BT2uGqTl2GTSZVAizpkQJxbV0V/V/YwaBhvMIoR0BuD4987n8vhgeD+9Ducd5sAOtjVt5UyRnVv/nlbveSqXlhPEu8bMjOH+K9BZOQ5yZKEGIgivqFpf+zJyO4qtp64jI66AmECq2aa2bywZ5JfzGXBOm3gE=
Number of files that were processed is: 144
Targets
-
-
Target
bbc[1].exe
-
Size
88KB
-
MD5
59d9faec26f0c3be5c84225f575ae225
-
SHA1
b4371c2c078f1e56dd7637e3660b139f7288938b
-
SHA256
5fd33c0fb29103a7323c1ea97015ee932f99d454731be58f7db6988f10c115b8
-
SHA512
58eca88c39ad81d8ac7789e658a79044026de14ddd0654456165eff8602d01d6553e82192e10090406d0aa7eb2db52d25da84047d7ce6a63bab12366c157665a
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
TeslaCrypt, AlphaCrypt
Ransomware based on CryptoLocker. Shut down by the developers in 2016.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Loads dropped DLL
-
Modifies file permissions
-
Windows security modification
-