Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

encrypt-a5.exe

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    encrypt-a5.exe

  • Size

    1.2MB

  • Sample

    240514-nap8dsdb3z

  • MD5

    d00f28fb1535c8afcd0490f0375004a7

  • SHA1

    6bf4a39c6cb4e8b25711c887e07341350c967656

  • SHA256

    b7654787ab61390204860b9b20ef1124b5ca2a0c8692ef97076107a382a64dd6

  • SHA512

    a4e243f679a6615c0cc69b48a4fe363f48b0a9b3057cafb2b13d0bb776e9a3f2a214695315f48d06cd700db91aaec32e826edce59515f0452432bc3a27eb38c6

  • SSDEEP

    24576:k5HHtGCozKH1pNxek1kL4f+a1K7MD/TYw3jrDulz9rhTpJi4:2HHtBozKH13xcpcD/TBP+zlhTpJi4

Score
10/10
lockergogabankerpersistenceransomwarespywarestealertrojan

Malware Config

Extracted

Path

C:\Users\Public\Desktop\README_LOCKED.txt

Ransom Note
Greetings! There was a significant flaw in the security system of your company. You should be thankful that the flaw was exploited by serious people and not some rookies. They would have damaged all of your data by mistake or for fun. Your files are encrypted with the strongest military algorithms RSA4096 and AES-256. Without our special decoder it is impossible to restore the data. Attempts to restore your data with third party software as Photorec, RannohDecryptor etc. will lead to irreversible destruction of your data. To confirm our honest intentions. Send us 2-3 different random files and you will get them decrypted. It can be from different computers on your network to be sure that our decoder decrypts everything. Sample files we unlock for free (files should not be related to any kind of backups). We exclusively have decryption software for your situation DO NOT RESET OR SHUTDOWN - files may be damaged. DO NOT RENAME the encrypted files. DO NOT MOVE the encrypted files. This may lead to the impossibility of recovery of the certain files. The payment has to be made in Bitcoins. The final price depends on how fast you contact us. As soon as we receive the payment you will get the decryption tool and instructions on how to improve your systems security To get information on the price of the decoder contact us at: [email protected] [email protected]

Targets

    • Target

      encrypt-a5.exe

    • Size

      1.2MB

    • MD5

      d00f28fb1535c8afcd0490f0375004a7

    • SHA1

      6bf4a39c6cb4e8b25711c887e07341350c967656

    • SHA256

      b7654787ab61390204860b9b20ef1124b5ca2a0c8692ef97076107a382a64dd6

    • SHA512

      a4e243f679a6615c0cc69b48a4fe363f48b0a9b3057cafb2b13d0bb776e9a3f2a214695315f48d06cd700db91aaec32e826edce59515f0452432bc3a27eb38c6

    • SSDEEP

      24576:k5HHtGCozKH1pNxek1kL4f+a1K7MD/TYw3jrDulz9rhTpJi4:2HHtBozKH13xcpcD/TBP+zlhTpJi4

    Score
    10/10
    lockergogabankerpersistenceransomwarespywarestealertrojan

    • LockerGoga

      LockerGoga is a ransomware that is primarily used in targeted, disruptive attacks.

      trojanbankerlockergoga

    • Renames multiple (3944) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Modifies Installed Components in the registry

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks