General

Target: Trojan-Ransom.Win32.Blocker.kxed-4b68fd89f8a1fc7eea3c478c74c0677e280a94410906e85eb715a65dad31623c
Size: 1.0MB
Sample: 221107-mfr4habeb7
MD5: 985ee7dc0de6c5081bf40ba08b93d37b
SHA1: 9386445adf364543c10c8f11cef54cfcd4fdd54f
SHA256: 4b68fd89f8a1fc7eea3c478c74c0677e280a94410906e85eb715a65dad31623c
SHA512: ee5210ed05280eb101df79b6e0044c85fd7f222f6c0e8b25998bbfecadf6813276c35b42d661fe6d7739e94c249c3975941d35ee4d2ad48f99485b778e9a71ee
SSDEEP: 24576:gljS8/Ns4q86Oh1Jp9cAnlwDUctAaxu19GroaJqlZJhUr:x8u4q8xXTeAnEUc6CuWroaJqFhUr
Tasks

Static task: static1

Behavioral task: behavioral1
Sample: Trojan-Ransom.Win32.Blocker.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: Trojan-Ransom.Win32.Blocker.exe
Resource: win10v2004-20220901-en
Malware Config

Extracted: http://93.115.82.248/?0=1&1=0&2=9&3=i&4=7601&5=1&6=1111&7=fbwicfagwq
Extracted: http://93.115.82.248/?0=1&1=0&2=9&3=i&4=9200&5=1&6=1111&7=uphdidcbbh
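The two extracted beacons share every parameter except 4 (7601, the Windows 7 SP1 build number, versus 9200, the build that Windows 8.1 and later report to executables without a supportedOS manifest) and 7 (a ten-letter token that differs per run). The script below is an added example, not tria.ge output or code from the sample: it parses the numbered-parameter query layout, reports which fields vary between the two extracted URLs, and scans constructed proxy-log lines for the same layout regardless of destination host, so a changed C2 address still produces a hit. The meaning assigned to parameter 4 (OS build) is an assumption, as are the log format and the 198.51.100.10 destination used in the sample lines.

```python
"""Parse the numbered-parameter beacon URLs recorded above and flag them in
proxy logs. Added example for this report; not tria.ge output or sample code."""
import re
from urllib.parse import urlsplit, parse_qs

# The two C2 URLs extracted by the sandbox runs in the report above.
EXTRACTED_URLS = [
    "http://93.115.82.248/?0=1&1=0&2=9&3=i&4=7601&5=1&6=1111&7=fbwicfagwq",
    "http://93.115.82.248/?0=1&1=0&2=9&3=i&4=9200&5=1&6=1111&7=uphdidcbbh",
]

# Assumption: parameter 4 is the OS build number the sample read via
# GetVersionEx. 7601 is Windows 7 SP1; 9200 is what Windows 8.1 and later
# report to executables that carry no supportedOS manifest.
KNOWN_BUILDS = {
    "7601": "Windows 7 SP1 / Server 2008 R2",
    "9200": "Windows 8 / Server 2012 (or an unmanifested process on later Windows)",
}

# Structural signature of the beacon: eight single-digit keys in order, one
# letter in 3, a build number in 4 and a ten-letter token in 7. Host-agnostic
# on purpose so a changed C2 address still matches.
BEACON_RE = re.compile(
    r"^/\?0=\d+&1=\d+&2=\d+&3=[a-z]&4=\d{4,5}&5=\d+&6=\d+&7=[a-z]{10}$"
)


def parse_beacon(url):
    """Return {'host': ..., 'fields': {0: ..., 7: ...}} or None if the query is
    not the eight-field numbered layout seen in this report."""
    parts = urlsplit(url)
    qs = parse_qs(parts.query, keep_blank_values=True)
    fields = {}
    for key, values in qs.items():
        if not re.fullmatch(r"[0-7]", key) or len(values) != 1:
            return None
        fields[int(key)] = values[0]
    if sorted(fields) != list(range(8)):
        return None
    return {"host": parts.hostname, "fields": fields}


def varying_fields(urls):
    """Indices of the parameters that differ between beacons (here 4 and 7)."""
    parsed = [parse_beacon(u)["fields"] for u in urls]
    return sorted(i for i in range(8) if len({p[i] for p in parsed}) > 1)


def scan_proxy_log(lines, c2_hosts=frozenset({"93.115.82.248"})):
    """Scan whitespace-separated proxy lines (time client method url status)
    and return one record per request whose path matches BEACON_RE."""
    hits = []
    for line in lines:
        cols = line.split()
        if len(cols) < 5:
            continue
        client, url = cols[1], cols[3]
        parts = urlsplit(url)
        if not BEACON_RE.fullmatch(parts.path + "?" + parts.query):
            continue
        beacon = parse_beacon(url)
        if beacon is None:
            continue
        build = beacon["fields"][4]
        hits.append({
            "client": client,
            "host": parts.hostname,
            "known_c2": parts.hostname in c2_hosts,  # IP IOC from the report
            "os_build": build,
            "os_name": KNOWN_BUILDS.get(build, "unknown build"),
            "token": beacon["fields"][7],
        })
    return hits


# Constructed proxy log lines (not from the report): the two sandbox beacons,
# a benign request, and the same beacon layout sent to a documentation-range IP.
SAMPLE_LOG = [
    "1667800000.101 10.0.0.5 GET " + EXTRACTED_URLS[0] + " 200",
    "1667800001.220 10.0.0.6 GET http://example.com/?a=1&b=2 200",
    "1667800002.330 10.0.0.5 GET " + EXTRACTED_URLS[1] + " 200",
    "1667800003.440 10.0.0.7 GET http://198.51.100.10/?0=1&1=0&2=9&3=i"
    "&4=9600&5=1&6=1111&7=abcdefghij 200",
]

if __name__ == "__main__":
    print("fields that vary between the two extracted beacons:",
          varying_fields(EXTRACTED_URLS))
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
```

The third hit in the constructed log has `known_c2` false: the IP indicator alone would miss it, while the query-layout signature still fires, which is the reason to match on structure rather than on the address.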
Targets

Target: Trojan-Ransom.Win32.Blocker.kxed-4b68fd89f8a1fc7eea3c478c74c0677e280a94410906e85eb715a65dad31623c
Size: 1.0MB
MD5: 985ee7dc0de6c5081bf40ba08b93d37b
SHA1: 9386445adf364543c10c8f11cef54cfcd4fdd54f
SHA256: 4b68fd89f8a1fc7eea3c478c74c0677e280a94410906e85eb715a65dad31623c
SHA512: ee5210ed05280eb101df79b6e0044c85fd7f222f6c0e8b25998bbfecadf6813276c35b42d661fe6d7739e94c249c3975941d35ee4d2ad48f99485b778e9a71ee
SSDEEP: 24576:gljS8/Ns4q86Oh1Jp9cAnlwDUctAaxu19GroaJqlZJhUr:x8u4q8xXTeAnEUc6CuWroaJqFhUr
Score: 10/10

Signatures:
- Blocklisted process makes network request
- Executes dropped EXE
- Sets file execution options in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory