General

Target: c1a1809621329fce9021f0b891e4594a702184daef71bc19adf438389ebaec25.exe
Size: 270KB
Sample: 240416-ppg11aad24
MD5: 0922b67facd189b672670001d2910eca
SHA1: 140f950dc6d83d80185d75136d5ce72821b83f8e
SHA256: c1a1809621329fce9021f0b891e4594a702184daef71bc19adf438389ebaec25
SHA512: ed94a848e3a42674054c5c24b7c8bc775ee8e695331a9348b15247b3983ff0cceb3a088329757b8a52398cd850fda2ef7199086479fa4ea1c4e07a916d46536b
SSDEEP: 6144:XdohG1el4VQg/U+Dgx3bMAVVzddi6jWGPxF:XdoJlK53DgZMSVFjW0x
Static task: static1

Behavioral task: behavioral1
Sample: c1a1809621329fce9021f0b891e4594a702184daef71bc19adf438389ebaec25.exe
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: c1a1809621329fce9021f0b891e4594a702184daef71bc19adf438389ebaec25.exe
Resource: win10v2004-20240412-en
Malware Config

Extracted: C:\Users\Admin\Contacts\Data breach warning.txt
https://qtox.github.io
http://raworldw32b2qxevn3gp63pvibgixr4v75z62etlptg3u3pmajwra4ad.onion
http://161.35.200.18
https://gofile.io/d/ufuFye
Targets

Target: c1a1809621329fce9021f0b891e4594a702184daef71bc19adf438389ebaec25.exe
Size: 270KB
MD5: 0922b67facd189b672670001d2910eca
SHA1: 140f950dc6d83d80185d75136d5ce72821b83f8e
SHA256: c1a1809621329fce9021f0b891e4594a702184daef71bc19adf438389ebaec25
SHA512: ed94a848e3a42674054c5c24b7c8bc775ee8e695331a9348b15247b3983ff0cceb3a088329757b8a52398cd850fda2ef7199086479fa4ea1c4e07a916d46536b
SSDEEP: 6144:XdohG1el4VQg/U+Dgx3bMAVVzddi6jWGPxF:XdoJlK53DgZMSVFjW0x
Score: 10/10

- Renames multiple (217) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.