Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

seven ransomware.apk

android_x86

10

seven ransomware.apk

android_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    seven ransomware.apk

  • Size

    6.8MB

  • Sample

    211011-j9fe1sgfgj

  • MD5

    73d0f5db820e8b491365e3faa9b55498

  • SHA1

    d5ef600aa1c01fa200ed46140c8308637f09dfcd

  • SHA256

    61f73bf90c3234faeb8aa7c90f24fa3f7a3a1d38b2e94d40ce96a21e7320fd28

  • SHA512

    796c47b244bf7d871eb0c0e43dd1b8eed86d15c00a5128ae7740bf87c0b5fcbe9787ee133f739ee0dd5986bee49075208bb768718db12590b2c7073ebe1ed89b

Score
10/10
filecoderandroidobfuscationransomware

Malware Config

Extracted

Path

res/layout/activity_main.xml

Family

filecoder

Ransom Note
Current State Information Your personal documents and files on this device have just been crypted.The origion files have been completely deleted and will only be recovered by following the steps described below. Document Decryption Operation Guide 1. To obtain the key which will decrypt files,you need to pay the amount of Bitcoin you see at the top of the screen. 2. After the payment is completed, open %s and enter the userid below, you will get the decryption key. 3. Paste the decryption key in the key inputbox below and click the decrypt button.Reboot the phone,all files will be successfully decrypted. Decrypt Key: paste your key here... Useful Information UserID: BTC addr: 16KQjht4ePZxxGPr3es24VQyMYgR9UEkFy !!!Do not delete this APP,or your files will not be back forever!!!
Wallets

16KQjht4ePZxxGPr3es24VQyMYgR9UEkFy

Targets

    • Target

      seven ransomware.apk

    • Size

      6.8MB

    • MD5

      73d0f5db820e8b491365e3faa9b55498

    • SHA1

      d5ef600aa1c01fa200ed46140c8308637f09dfcd

    • SHA256

      61f73bf90c3234faeb8aa7c90f24fa3f7a3a1d38b2e94d40ce96a21e7320fd28

    • SHA512

      796c47b244bf7d871eb0c0e43dd1b8eed86d15c00a5128ae7740bf87c0b5fcbe9787ee133f739ee0dd5986bee49075208bb768718db12590b2c7073ebe1ed89b

    Score
    10/10
    filecoderobfuscationransomware

    • Filecoder.C

      A ransomware family that spreads to other victims via SMS.

      ransomwarefilecoder

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Legitimate hosting services abused for malware hosting/C2

    • Uses Crypto APIs (Might try to encrypt user data).

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks