Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

8c5385fccd...07.exe

windows7-x64

10

8c5385fccd...07.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8c5385fccd9d705cca3f3e85227db53c67cfe19ae5460b4335bcf39a32c9ff07

  • Size

    714KB

  • Sample

    221001-2e5ersabf8

  • MD5

    6d83d702fad47bf24a04c4b3e2c9d930

  • SHA1

    e706a46e3bbb821e8f4aec1f3e488be1504b855b

  • SHA256

    8c5385fccd9d705cca3f3e85227db53c67cfe19ae5460b4335bcf39a32c9ff07

  • SHA512

    62cda9516333dfe92d4099f2cc25d8e434ac23abc28dbd522695b200a4a1545473a6a419bd9ac8fadb54283980a82f37d1faa2ab32df92a9d10e74750c58499d

  • SSDEEP

    12288:mSuYrHkpL3KyptgMzPez1OkvHj3CfL0PzGJRZLB3LE:X1kpL3KyAWPez1fD3mLIzGvZt3LE

Score
10/10
ctblockerransomware

Malware Config

Extracted

Path

C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\!Decrypt-All-Files-wmajicl.txt

Ransom Note
Your documents, photos, databases and other important files have been encrypted with strongest encryption and unique key, generated for this computer. Private decryption key is stored on a secret Internet server and nobody can decrypt your files until you pay and obtain the private key. If you see the main locker window, follow the instructions on the locker. Overwise, it's seems that you or your antivirus deleted the locker program. Now you have the last chance to decrypt your files. Open http://43qzvceo6ondd6wt.onion.cab or http://43qzvceo6ondd6wt.tor2web.org in your browser. They are public gates to the secret server. If you have problems with gates, use direct connection: 1. Download Tor Browser from http://torproject.org 2. In the Tor Browser open the http://43qzvceo6ondd6wt.onion/ Note that this server is available via Tor Browser only. Retry in 1 hour if site is not reachable. Copy and paste the following public key in the input form on server. Avoid missprints. TAL7KOI-LVEQOPT-FUZNGTP-STQJY5V-ERBNJ6P-HXCDA7Q-JTWXYJO-VXKLDTN F6RAZB5-SHYXV6T-CSCGRJM-X5RP34E-JYIZB6L-LIORROH-HPARHSJ-5FTWZ4I E6VKFIV-RJHJTVJ-67S26Z6-KH4Q3Y2-MVVGVUT-JTAHZFD-VHSQJ63-CEKV44L Follow the instructions on the server.
URLs

http://43qzvceo6ondd6wt.onion.cab

http://43qzvceo6ondd6wt.tor2web.org

http://43qzvceo6ondd6wt.onion/

Targets

    • Target

      8c5385fccd9d705cca3f3e85227db53c67cfe19ae5460b4335bcf39a32c9ff07

    • Size

      714KB

    • MD5

      6d83d702fad47bf24a04c4b3e2c9d930

    • SHA1

      e706a46e3bbb821e8f4aec1f3e488be1504b855b

    • SHA256

      8c5385fccd9d705cca3f3e85227db53c67cfe19ae5460b4335bcf39a32c9ff07

    • SHA512

      62cda9516333dfe92d4099f2cc25d8e434ac23abc28dbd522695b200a4a1545473a6a419bd9ac8fadb54283980a82f37d1faa2ab32df92a9d10e74750c58499d

    • SSDEEP

      12288:mSuYrHkpL3KyptgMzPez1OkvHj3CfL0PzGJRZLB3LE:X1kpL3KyAWPez1fD3mLIzGvZt3LE

    Score
    10/10
    ctblockerransomware

    • CTB-Locker

      Ransomware family which uses Tor to hide its C2 communications.

      ransomwarectblocker

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks