Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Trojan-Ransom.Win32.Blocker.ckeq-eacfff847a40d29a12e17075b5e36bb741c6cd41c694556d14ed63be098ca974
-
Size
564KB
-
Sample
221106-tfbj3sace9
-
MD5
08f1c0665abb76735cf733a018f3c76e
-
SHA1
14966a4e6c22337c05487bfb732a588733616ef0
-
SHA256
eacfff847a40d29a12e17075b5e36bb741c6cd41c694556d14ed63be098ca974
-
SHA512
08859f9a0fb9dfa5c3a12d17a9df5ebe3cd32830456f294b97f6d309850345cfa869897ee8df3fcb5ffac2b083e20c2da4862d8362235f033d4bbd7e50647791
-
SSDEEP
6144:B8XXRUw9Oz5+iUU03pej1YpTYzOb0kLXhlJFTaLTGu0yvHcr+JB8aU:qnRy+ZyYpaCDJFuPyAHcqrU
Malware Config
Targets
-
-
Target
Trojan-Ransom.Win32.Blocker.ckeq-eacfff847a40d29a12e17075b5e36bb741c6cd41c694556d14ed63be098ca974
-
Size
564KB
-
MD5
08f1c0665abb76735cf733a018f3c76e
-
SHA1
14966a4e6c22337c05487bfb732a588733616ef0
-
SHA256
eacfff847a40d29a12e17075b5e36bb741c6cd41c694556d14ed63be098ca974
-
SHA512
08859f9a0fb9dfa5c3a12d17a9df5ebe3cd32830456f294b97f6d309850345cfa869897ee8df3fcb5ffac2b083e20c2da4862d8362235f033d4bbd7e50647791
-
SSDEEP
6144:B8XXRUw9Oz5+iUU03pej1YpTYzOb0kLXhlJFTaLTGu0yvHcr+JB8aU:qnRy+ZyYpaCDJFuPyAHcqrU
Score10/10-
Modifies WinLogon for persistence
-
UAC bypass
-
Adds policy Run key to start application
-
Disables RegEdit via registry modification
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-