General
Target: 38263d5d34ed82028ea2f415d89191b3ee41e07f95227c16b0508aff996a3111
Size: 270KB
Sample: 240201-h931msecf2
MD5: 6168cd6f30fc65e735163266863e9c41
SHA1: 2a24f91e38f27b97320b9b085eb8e0dac4e9079d
SHA256: 38263d5d34ed82028ea2f415d89191b3ee41e07f95227c16b0508aff996a3111
SHA512: e7009c1c01640fa5a2375da53f076d3119ebfee03c4418274f2cd6eda5d2bf3beafaf696bd177ca831d8b75dfff7a2eeb6a5f68a5261e925c935709b6c4cde17
SSDEEP: 6144:XqohGlel4VQg/U+Dgx3bMAVVzddi6jWGPxF:XqoplK53DgZMSVFjW0x
Static task: static1

Behavioral task: behavioral1
Sample: 38263d5d34ed82028ea2f415d89191b3ee41e07f95227c16b0508aff996a3111.exe
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: 38263d5d34ed82028ea2f415d89191b3ee41e07f95227c16b0508aff996a3111.exe
Resource: win10v2004-20231215-en
Malware Config
Extracted from: C:\Users\Admin\Contacts\Data breach warning.txt
URLs referenced in the extracted note:
https://qtox.github.io
http://raworldw32b2qxevn3gp63pvibgixr4v75z62etlptg3u3pmajwra4ad.onion
http://161.35.200.18
https://gofile.io/d/ufuFye
Score: 10/10

Signatures
Renames multiple (213) files with added filename extension
This suggests ransomware activity: files across the system are being encrypted and renamed.

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.