General

  • Target

    HEUR-Trojan-Ransom.MSIL.Agent.gen-02db375475c56ba5c97f602e4c2eea8cac66e08d9a31ec7efabe35210b0d0aa1.exe

  • Size

    49KB

  • Sample

    220921-enhwssaeeq

  • MD5

    5e685c7264d47dd21ebfa36a9437d142

  • SHA1

    0984924bd1ff568a94e16240935c03a91e7a8ddf

  • SHA256

    02db375475c56ba5c97f602e4c2eea8cac66e08d9a31ec7efabe35210b0d0aa1

  • SHA512

    bd7b34592aecaa4184c191159acc7724a0f393efe98673a36596ff7665e9415b49238293f187a36564287e8cfdbb7478fc1759f81a3b5d9b52c3f7e47b5cf294

  • SSDEEP

    768:bqo2mpeWxyfr9+d4mZryx7L2ksQ1QCEez:2o2Ixyfr9+dsx32XKZz

Malware Config

Targets

    • Chaos

      Ransomware family first seen in June 2021.

    • Chaos Ransomware

    • Executes dropped EXE

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v6

Tasks