General

  • Target

    4ec8cb9d91bd97d75b86d7a22e0caf499c5fbc9edc4a48d838bf77610a736d30.zip

  • Size

    476KB

  • Sample

    221206-3qv6xahe8y

  • MD5

    e4522fb73a3c613682a207882bbceb9c

  • SHA1

    84eb29cb4b0c97a48f2daa295197ed66cdc80771

  • SHA256

    b9d85a794dc76d2067d0167e3b86dbe16f65d87f73ad3d616102edd4f7feeccc

  • SHA512

    1df93996a5905d2de6f310a05aea614e1911f0eea4e6595c6ebee032eaa6555c3c27d69a437f58f2eb1c90e5591dfcb92c3e7519c00630073f3b5797386509b1

  • SSDEEP

    12288:T82RW/7VttQP28+aU3woKi8Bk4794iZ1h:5s/7VtPombfc4q

Score
10/10

Malware Config

Extracted

Path

C:\users\admin\contacts\!!FAQ for Decryption!!.txt

Ransom Note
Good day. All your files are encrypted. For decryption contact us. Write here [email protected] We also inform that your databases, ftp server and file server were downloaded by us to our servers. * Do not rename encrypted files. * Do not try to decrypt your data using third party software, it may cause permanent data loss.

Targets

    • Target

      bcf0f202db47ca671ed6146040795e3c8315b7fb4f886161c675d4ddf5fdd0c4

    • Size

      476KB

    • MD5

      3e96efd37777cc01cabb3401485297aa

    • SHA1

      f008e568c313b6f41406658a77313f89df07017e

    • SHA256

      bcf0f202db47ca671ed6146040795e3c8315b7fb4f886161c675d4ddf5fdd0c4

    • SHA512

      6d864561c6b1e33229da4181ecb14c8358ef3fbcdb996131d87a0b98fb3c4d8453fed4331c8b1d939546b6a7cb246f294bf82ca21799728f114b95d176ace691

    • SSDEEP

      6144:0qejsgRNGKhy9zzMOss2XWrccaaXCunmifiTbRF7WKHBQAk6Fjt0laAOzrJroCFQ:0m0ymOjZRaMhuF7LhQF6Mla7bu

    Score
    10/10
    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Deletes itself
