Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
Target: 0150ca403ae96a68321d3529ae13bca57fd36c754a9d03a95b502cdf3221af0f
Size: 270KB
Sample: 240201-hcxscsfdak
MD5: 1eef02b9cecf23c530b292c68a481a1c
SHA1: c49760d63d957ebd6c1420ef176c5dadda039702
SHA256: 0150ca403ae96a68321d3529ae13bca57fd36c754a9d03a95b502cdf3221af0f
SHA512: ca98eb08aa7c0fc851ed16ba57ca90a9d4fc98afd40b634ca3e2c0c661037d0a222db1259190acd159be833e6ca6da6c77c7e0084a851386b2ca5004e02e830d
SSDEEP: 6144:XxohG5el4VQg/U+Dgx3bMAVVzddi6jWGPxF:XxodlK53DgZMSVFjW0x
Static task: static1
Behavioral task: behavioral1
  Sample: 0150ca403ae96a68321d3529ae13bca57fd36c754a9d03a95b502cdf3221af0f.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 0150ca403ae96a68321d3529ae13bca57fd36c754a9d03a95b502cdf3221af0f.exe
  Resource: win10v2004-20231215-en
Malware Config
Extracted from: C:\Users\Admin\Contacts\Data breach warning.txt
URLs found in the extracted note:
  https://qtox.github.io
  http://raworldw32b2qxevn3gp63pvibgixr4v75z62etlptg3u3pmajwra4ad.onion
  http://161.35.200.18
  https://gofile.io/d/ufuFye
Targets
Target: 0150ca403ae96a68321d3529ae13bca57fd36c754a9d03a95b502cdf3221af0f
Size: 270KB
MD5: 1eef02b9cecf23c530b292c68a481a1c
SHA1: c49760d63d957ebd6c1420ef176c5dadda039702
SHA256: 0150ca403ae96a68321d3529ae13bca57fd36c754a9d03a95b502cdf3221af0f
SHA512: ca98eb08aa7c0fc851ed16ba57ca90a9d4fc98afd40b634ca3e2c0c661037d0a222db1259190acd159be833e6ca6da6c77c7e0084a851386b2ca5004e02e830d
SSDEEP: 6144:XxohG5el4VQg/U+Dgx3bMAVVzddi6jWGPxF:XxodlK53DgZMSVFjW0x
Score: 10/10
Signatures
Renames multiple (189) files with added filename extension: This suggests ransomware activity of encrypting all the files on the system.
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.