General
Target: ZagreuS.Ransom_se.bin.exe
Size: 803KB
Sample: 230306-yktcxaeb5y
MD5: 99885a3cd64212e5d210c9db4bcae5b1
SHA1: 806d2c572e6b247a6d899ad4af840ecbf1f968f6
SHA256: 537a2fd4d214a212df06fb73b19ba945672eaf18d64cc30d8e99ab6a0d7cb9ba
SHA512: f6b5ad9d4bd9c797a1b27c6c078d2a605cd24be6fbcb30016a0b81d00081d6695b29b0ab4bc9e66438eb3769c51df9920d9da8d6260cbc45c52cfb140fea0ab0
SSDEEP: 12288:bDCpAivL03RuebsXkA4uHP/LoyP2VNp6DHpeH+vJxbLWXKy1ypdQhjE+FwSoh:n2ghuebsYuHP/syP+WpeH+zLuBhQSoh
Static task: static1
Behavioral task: behavioral1
  Sample: ZagreuS.Ransom_se.bin.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: ZagreuS.Ransom_se.bin.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: C:\Users\Admin\Videos\HELP_DECRYPT_YOUR_FILES.txt
Targets
Target: ZagreuS.Ransom_se.bin.exe
Score: 10/10
Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
Suspicious use of NtSetInformationThreadHideFromDebugger