General
- Target: 0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.zip
- Size: 983KB
- Sample: 240213-zksl2sad89
- MD5: fd75ea6206cf89da6b785648f1720f1f
- SHA1: 57cfd73d7a3b6448675d68fd8cfc6c3bd12e5e80
- SHA256: 0b341939797aa4b9ed2f734a16ddc6fb3a4b11fddd98b5ced4e4fc1e54fa2f76
- SHA512: 83c16aeac9181ad7f6ffe1f43f88098eac79feb32b14ce6fb121ddd301aa05b9108ec23f67b2aa219752fc767553a1e6c704e87749e64f3cafd70a46be3f94d1
- SSDEEP: 24576:VYwpslkcqY3sR1SuwmRBx253q57ulgju6eRZiUaKqFPN:m6kkUUHDHxY4uyC6JJN
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
  - Resource: win7-20231215-en
Behavioral task
- behavioral2
  - Sample: 0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
  - Resource: win10v2004-20231215-en
Malware Config
Extracted: C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\README_TO_DECRYPT.txt
- https://qtox.github.io
- https://tox.chat/download.html
Extracted: C:\Program Files\Common Files\README_TO_DECRYPT.txt
- https://qtox.github.io
- https://tox.chat/download.html
Targets
- Target: 0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
- Size: 2.2MB
- MD5: 0608c64c57dcc09246be00f0b2767e6e
- SHA1: 02642663bfc7be0c06051f4b01c9861102c71850
- SHA256: 0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985
- SHA512: 1c61fa21fd94c58349e8c2713828fa807bf44a3a00054cd1a11ab46ec74df4f0be00db245f4cce844b72bf8181e6c636490726ddc4f9d6211469429429ddb138
- SSDEEP: 24576:Hle0XU/NWp6jCcuYTQn095MmQdg4M/YJFweQDfj0OL2wwU+T8nQl/skT9Fs1g0jv:HiG2ekwA1e7i49vZGqsCz9/47Evz1z1
Score: 10/10
- Clears Windows event logs
- Renames multiple (174) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.