Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

924e8a1c0d...20.apk

android_x86

10

924e8a1c0d...20.apk

android_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    924e8a1c0d7fba2b069b5ce514c45d0835c474a4ce146263cd1d27d405904420.apk

  • Size

    6.8MB

  • Sample

    220605-p4a61aefhr

  • MD5

    f07b8cc1e331ec181031a0d90fbffb85

  • SHA1

    f31c67ccc0d1867db1fbc43762fcf83746a408c2

  • SHA256

    924e8a1c0d7fba2b069b5ce514c45d0835c474a4ce146263cd1d27d405904420

  • SHA512

    e2fdf39bdc5b3861b3185a575470e5612ec9a99047c2ef1ab499415872d007e6acf54b4e4fe155f27b905a6e8feb58bb44479b5080c5cf31266dded1541e3520

Score
10/10
filecoderandroidevasionransomware

Malware Config

Extracted

Path

res/layout/activity_main.xml

Family

filecoder

Ransom Note
Current State Information Your personal documents and files on this device have just been crypted.The origion files have been completely deleted and will only be recovered by following the steps described below. Document Decryption Operation Guide 1. To obtain the key which will decrypt files,you need to pay the amount of Bitcoin you see at the top of the screen. 2. After the payment is completed, open %s and enter the userid below, you will get the decryption key. 3. Paste the decryption key in the key inputbox below and click the decrypt button.Reboot the phone,all files will be successfully decrypted. Decrypt Key: paste your key here... Useful Information UserID: BTC addr: 16KQjht4ePZxxGPr3es24VQyMYgR9UEkFy !!!Do not delete this APP,or your files will not be back forever!!!
Wallets

16KQjht4ePZxxGPr3es24VQyMYgR9UEkFy

Targets

    • Target

      924e8a1c0d7fba2b069b5ce514c45d0835c474a4ce146263cd1d27d405904420.apk

    • Size

      6.8MB

    • MD5

      f07b8cc1e331ec181031a0d90fbffb85

    • SHA1

      f31c67ccc0d1867db1fbc43762fcf83746a408c2

    • SHA256

      924e8a1c0d7fba2b069b5ce514c45d0835c474a4ce146263cd1d27d405904420

    • SHA512

      e2fdf39bdc5b3861b3185a575470e5612ec9a99047c2ef1ab499415872d007e6acf54b4e4fe155f27b905a6e8feb58bb44479b5080c5cf31266dded1541e3520

    Score
    10/10
    filecoderevasionransomware

    • Filecoder.C

      A ransomware family that spreads to other victims via SMS.

      ransomwarefilecoder

    • Legitimate hosting services abused for malware hosting/C2

    • Removes a system notification.

      evasion

    • Uses Crypto APIs (Might try to encrypt user data).

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks