General

  • Target

    fa9d1664ef9192b50228d7c21589f4fe9f3002faa503b39666a8a3bcd03ed635

  • Size

    6.8MB

  • Sample

    220203-gx1jbadeb5

  • MD5

    57d941c6c2b1425ff9b9679024b8738f

  • SHA1

    b502874681a709e48f3d1ddfa6ae398499f4bd23

  • SHA256

    fa9d1664ef9192b50228d7c21589f4fe9f3002faa503b39666a8a3bcd03ed635

  • SHA512

    e819aa27e999a12eaa6d5f5b756bb8af9cdecb4c0399f9c9a4456398897f7e03547eee07ab907d1cf392879acf4c8084ee011f75c821a07db9d55b53cac995b6

Malware Config

Extracted

Path

res/layout/activity_main.xml

Family

filecoder

Ransom Note

Current State Information
Your personal documents and files on this device have just been crypted.The origion files have been completely deleted and will only be recovered by following the steps described below.

Document Decryption Operation Guide
1. To obtain the key which will decrypt files,you need to pay the amount of Bitcoin you see at the top of the screen.
2. After the payment is completed, open %s and enter the userid below, you will get the decryption key.
3. Paste the decryption key in the key inputbox below and click the decrypt button.Reboot the phone,all files will be successfully decrypted.

Decrypt Key: paste your key here...

Useful Information
UserID:
BTC addr: 16KQjht4ePZxxGPr3es24VQyMYgR9UEkFy
!!!Do not delete this APP,or your files will not be back forever!!!
Wallets

16KQjht4ePZxxGPr3es24VQyMYgR9UEkFy
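The note was recovered from a layout resource, not from code: inside a built APK, res/layout/activity_main.xml is Android binary XML (AXML), and every string-valued attribute literal in it, including the android:text holding the note, lives in that file's string pool. A static pass over the pool therefore yields the note, its unfilled %s placeholder (the payment page URL the app formats in at run time) and the wallet address. The following is an added example, not code from tria.ge or from the sample, that parses an AXML string pool, picks out strings carrying the note's fixed phrases, and Base58Check-validates Bitcoin address candidates so a regex hit is not reported as a wallet on its own. The AXML blob it runs on is constructed inline from a few layout names plus the note text on this page; the marker phrases and the 25-byte decoded-address check are assumptions made for the example, not something the report states.

```python
"""Parse an AXML string pool and pull ransomware IOCs from it (added example)."""
import hashlib
import re
import struct

RES_XML_TYPE = 0x0003          # AXML file header chunk
RES_STRING_POOL_TYPE = 0x0001  # string pool chunk (holds attribute string values)
UTF8_FLAG = 0x100              # pool flag: strings are UTF-8 rather than UTF-16


def _read_len(data, pos, width):
    """Decode an AXML length prefix: one unit, or two units if the high bit is set."""
    fmt, high = ("<B", 0x80) if width == 1 else ("<H", 0x8000)
    v, = struct.unpack_from(fmt, data, pos)
    if v & high:
        v2, = struct.unpack_from(fmt, data, pos + width)
        return ((v & (high - 1)) << (8 * width)) | v2, pos + 2 * width
    return v, pos + width


def _read_pool(data, base):
    """Decode every string in the RES_STRING_POOL chunk that starts at `base`."""
    _, hsize, _, count, _, flags, strings_start, _ = struct.unpack_from("<HHIIIIII", data, base)
    offsets = struct.unpack_from("<%dI" % count, data, base + hsize)  # offsets follow the header
    utf8 = bool(flags & UTF8_FLAG)
    out = []
    for rel in offsets:
        p = base + strings_start + rel
        if utf8:
            _, p = _read_len(data, p, 1)       # UTF-16 char count, not needed here
            nbytes, p = _read_len(data, p, 1)  # byte length of the UTF-8 payload
            out.append(data[p:p + nbytes].decode("utf-8", "replace"))
        else:
            nunits, p = _read_len(data, p, 2)  # UTF-16 code-unit count
            out.append(data[p:p + 2 * nunits].decode("utf-16-le", "replace"))
    return out


def parse_string_pool(data):
    """Walk the chunk list of a compiled XML resource and return its string pool."""
    off = 0
    while off + 8 <= len(data):
        ctype, hsize, csize = struct.unpack_from("<HHI", data, off)
        if ctype == RES_STRING_POOL_TYPE:
            return _read_pool(data, off)
        # the file header's chunkSize spans the whole file, so step into it, not over it
        step = hsize if ctype == RES_XML_TYPE else csize
        if step == 0:
            break
        off += step
    raise ValueError("no RES_STRING_POOL chunk found")


def build_utf16_pool(strings):
    """Build a minimal AXML blob (file header + UTF-16 pool); scaffolding for the demo only."""
    blobs, offsets, pos = [], [], 0
    for s in strings:  # len(s) equals the UTF-16 unit count for BMP-only text
        blob = struct.pack("<H", len(s)) + s.encode("utf-16-le") + b"\x00\x00"
        offsets.append(pos)
        blobs.append(blob)
        pos += len(blob)
    body = b"".join(blobs)
    body += b"\x00" * (-len(body) % 4)  # chunks are 4-byte aligned
    hsize, count = 28, len(strings)
    strings_start = hsize + 4 * count
    pool = struct.pack("<HHIIIIII", RES_STRING_POOL_TYPE, hsize, strings_start + len(body),
                       count, 0, 0, strings_start, 0)
    pool += struct.pack("<%dI" % count, *offsets) + body
    return struct.pack("<HHI", RES_XML_TYPE, 8, 8 + len(pool)) + pool


# Assumed fixed phrases of this family's note; two hits mark a string as the note.
NOTE_MARKERS = ("have just been crypted", "Decrypt Key", "BTC addr", "Do not delete this APP")
BTC_ADDR_RE = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")  # legacy P2PKH/P2SH shape
_B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def find_ransom_notes(strings):
    return [s for s in strings if sum(m in s for m in NOTE_MARKERS) >= 2]


def find_btc_addresses(strings):
    """Regex candidates only; confirm each with base58check_valid() before reporting it."""
    seen = []
    for s in strings:
        for cand in BTC_ADDR_RE.findall(s):
            if cand not in seen:
                seen.append(cand)
    return seen


def base58check_valid(addr):
    """True if addr decodes to 25 bytes whose last 4 are the double-SHA256 checksum."""
    n = 0
    for ch in addr:
        i = _B58.find(ch)
        if i < 0:
            return False
        n = n * 58 + i
    leading = len(addr) - len(addr.lstrip("1"))  # each leading '1' is a 0x00 byte
    raw = b"\x00" * leading + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25:
        return False
    return hashlib.sha256(hashlib.sha256(raw[:-4]).digest()).digest()[:4] == raw[-4:]


# Constructed stand-in for the pool of res/layout/activity_main.xml: layout names plus
# an excerpt of the note reported on this page, keeping the unfilled %s placeholder.
SAMPLE_STRINGS = [
    "android", "http://schemas.android.com/apk/res/android", "layout_width", "text",
    "LinearLayout", "TextView",
    "Your personal documents and files on this device have just been crypted.The origion "
    "files have been completely deleted and will only be recovered by following the steps "
    "described below. 2. After the payment is completed, open %s and enter the userid below, "
    "you will get the decryption key. Decrypt Key: paste your key here... UserID: BTC addr: "
    "16KQjht4ePZxxGPr3es24VQyMYgR9UEkFy !!!Do not delete this APP,or your files will not be "
    "back forever!!!",
]


def triage(axml_bytes):
    """IOCs a static pass would report for one compiled layout resource."""
    strings = parse_string_pool(axml_bytes)
    return {"notes": find_ransom_notes(strings),
            "wallets": [(a, base58check_valid(a)) for a in find_btc_addresses(strings)]}


if __name__ == "__main__":
    result = triage(build_utf16_pool(SAMPLE_STRINGS))
    for note in result["notes"]:
        print("ransom note:", note[:70])
    for addr, ok in result["wallets"]:
        print("wallet:", addr, "checksum ok" if ok else "checksum BAD")
```

To run this against the real sample, unzip the APK and feed the bytes of res/layout/activity_main.xml to triage(); the builder is only there so the example works offline. Because the note's URL is a %s slot, the payment domain is not in this pool and has to come from the code or a strings resource, which is consistent with the report listing only the wallet under Wallets.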

Targets

    • Target

      fa9d1664ef9192b50228d7c21589f4fe9f3002faa503b39666a8a3bcd03ed635

    • Size

      6.8MB

    • MD5

      57d941c6c2b1425ff9b9679024b8738f

    • SHA1

      b502874681a709e48f3d1ddfa6ae398499f4bd23

    • SHA256

      fa9d1664ef9192b50228d7c21589f4fe9f3002faa503b39666a8a3bcd03ed635

    • SHA512

      e819aa27e999a12eaa6d5f5b756bb8af9cdecb4c0399f9c9a4456398897f7e03547eee07ab907d1cf392879acf4c8084ee011f75c821a07db9d55b53cac995b6

    Score
    10/10
    • Filecoder.C

      A ransomware family that spreads to other victims via SMS.

    • Legitimate hosting services abused for malware hosting/C2

    • Uses Crypto APIs (Might try to encrypt user data).

MITRE ATT&CK Enterprise v6

Tasks