General
Target: 383a5a2688bffe24f6a72a04e0d0c09c80180718db5e834f0357e9053318a0b2
Size: 251KB
Sample: 220625-zjapvadea2
MD5: 4fc33bc1cf2b316adae92fd83db29cc1
SHA1: 2e4ea25d7243b3f8fb33f3498adb588bdc166cb5
SHA256: 383a5a2688bffe24f6a72a04e0d0c09c80180718db5e834f0357e9053318a0b2
SHA512: 3ac544d721f3a578b9ced23cf5d940da4b6fe9374ec3e6e215b0b14e2d9f884f6d0f7c1bf9dc39a50cb1ca779709d89dbad8e2378ae92a060f85c20c24992558
Static task: static1
Behavioral task: behavioral1
  Sample: 383a5a2688bffe24f6a72a04e0d0c09c80180718db5e834f0357e9053318a0b2.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 383a5a2688bffe24f6a72a04e0d0c09c80180718db5e834f0357e9053318a0b2.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted from: C:\$Recycle.Bin\S-1-5-21-1083475884-596052423-1669053738-1000\_RECOVERY_+gxvlv.txt
Family: teslacrypt
C2 URLs (the last one is a Tor hidden service):
  http://gwe32fdr74bhfsyujb34gfszfv.zatcurr.com/80D3947D55D44F
  http://tes543berda73i48fsdfsd.keratadze.at/80D3947D55D44F
  http://tt54rfdjhb34rfbnknaerg.milerteddy.com/80D3947D55D44F
  http://xlowfznrg4wf7dli.ONION/80D3947D55D44F
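The extracted config above is the useful triage output of this run: a ransom note dropped into the victim's Recycle Bin and four gateway URLs that all carry the same per-victim hex ID in their path. The following is an added example, not tria.ge output or TeslaCrypt code, showing how an analyst would turn that extraction into hunt indicators offline: pull URLs out of the note, split clearnet hosts from the .onion gateway, derive the victim ID, and check a dropped-file path against the note naming seen here. Only the note path and the four URLs come from the report; the note body is constructed for the demo, and the note-name pattern (`_RECOVERY_+<alnum>.txt`) generalises a single observed filename and is an assumption. Do not browse to these URLs from an uncontained host.

```python
"""Turn a TeslaCrypt ransom-note extraction into hunt indicators.

Added example, not sandbox output. The note text below is constructed; only
the note path and the four URLs are taken from the report.
"""
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# From the report: note dropped in the user's Recycle Bin, plus the gateway URLs.
NOTE_PATH = (r"C:\$Recycle.Bin\S-1-5-21-1083475884-596052423-1669053738-1000"
             r"\_RECOVERY_+gxvlv.txt")
REPORTED_URLS = [
    "http://gwe32fdr74bhfsyujb34gfszfv.zatcurr.com/80D3947D55D44F",
    "http://tes543berda73i48fsdfsd.keratadze.at/80D3947D55D44F",
    "http://tt54rfdjhb34rfbnknaerg.milerteddy.com/80D3947D55D44F",
    "http://xlowfznrg4wf7dli.ONION/80D3947D55D44F",
]

# Constructed note body (the real note text is not on the page).
SAMPLE_NOTE = ("Your files are encrypted. To get the key open one of the links:\n"
               + "\n".join(REPORTED_URLS)
               + "\nIf none of them work, use the Tor browser.\n")

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
# Assumption: note name is _RECOVERY_+<alnum>.txt; the report shows one instance.
NOTE_NAME_RE = re.compile(r"_RECOVERY_\+[A-Za-z0-9]+\.txt$", re.I)
# The per-victim ID is the last path segment, uppercase hex.
VICTIM_ID_RE = re.compile(r"^[0-9A-F]{8,}$")


@dataclass
class Indicators:
    clearnet_hosts: set = field(default_factory=set)
    onion_hosts: set = field(default_factory=set)
    registered_domains: set = field(default_factory=set)  # naive: last two labels
    victim_ids: set = field(default_factory=set)
    urls: list = field(default_factory=list)


def extract_indicators(note_text: str) -> Indicators:
    """Collect hosts, domains and victim IDs from every URL in a ransom note."""
    ind = Indicators()
    for url in URL_RE.findall(note_text):
        url = url.rstrip(".,)")           # drop sentence punctuation glued on
        parts = urlsplit(url)
        host = parts.hostname or ""       # .hostname is already lowercased
        ind.urls.append(url)
        if host.endswith(".onion"):
            ind.onion_hosts.add(host)
        else:
            ind.clearnet_hosts.add(host)
            labels = host.split(".")
            # No public-suffix list here, so this is wrong for co.uk-style TLDs.
            ind.registered_domains.add(".".join(labels[-2:]) if len(labels) >= 3 else host)
        segment = parts.path.strip("/").split("/")[-1]
        if VICTIM_ID_RE.match(segment):
            ind.victim_ids.add(segment)
    return ind


def classify_note_path(path: str) -> dict:
    """Check a dropped-file path against the note naming and location seen in the report."""
    filename = path.replace("\\", "/").rsplit("/", 1)[-1]
    # RID 1000 is the first locally created user account on a Windows host.
    sid_match = re.search(r"S-1-5-21-\d+-\d+-\d+-(\d+)", path)
    return {
        "is_teslacrypt_note": bool(NOTE_NAME_RE.search(filename)),
        "in_recycle_bin": "$recycle.bin" in path.lower(),
        "user_rid": int(sid_match.group(1)) if sid_match else None,
    }


if __name__ == "__main__":
    ind = extract_indicators(SAMPLE_NOTE)
    print("victim ID(s):      ", sorted(ind.victim_ids))
    print("clearnet gateways: ", sorted(ind.clearnet_hosts))
    print("domains to block:  ", sorted(ind.registered_domains))
    print("onion gateway:     ", sorted(ind.onion_hosts))
    print("note path check:   ", classify_note_path(NOTE_PATH))
```

The shared victim ID is what ties the four URLs together: block the registered domains rather than the individual throwaway subdomains, and treat the .onion host as the indicator that survives clearnet takedowns. The SID in the note path tells you which profile was hit, which is the user context to pivot on for the Run key and dropped EXE listed under Signatures.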
Targets
Target: 383a5a2688bffe24f6a72a04e0d0c09c80180718db5e834f0357e9053318a0b2
Size: 251KB
(MD5, SHA1, SHA256 and SHA512 as listed under General above.)
Score: 10/10
Family: TeslaCrypt, AlphaCrypt
Ransomware family that imitated CryptoLocker. Its operators shut the project down in May 2016 and published the master decryption key.
Signatures:
- suricata: ET MALWARE Alphacrypt/TeslaCrypt Ransomware CnC Beacon (reported in both behavioral tasks)
- Executes dropped EXE
- Deletes itself
- Adds Run key to start application