General

  • Target: bin.7z
  • Size: 556KB
  • Sample: 240514-nwwmased73
  • MD5: 99626bf73b438a05718a960492c036e9
  • SHA1: cddbbb294c39b882937816bc15fb604efac39911
  • SHA256: baf77681223525bce1b7ff865cce029437da3f52baf917113813f9eb948cfe31
  • SHA512: e530c8f689769325bb9a003060cfedf3e43c10725933f640dbe5806c04bc286ab25f50574e9e763d9b12020918125257a801de2d00c555c9a68d3e8978543bd4
  • SSDEEP: 12288:daiGGq9DjgP6wTkxAk+yZtbHPI8nLU86LCSxdORI+Mw/iv9/PGxe:kiGGYjgS9AuZ9HPI1eSPOi+Mw/iZZ

Malware Config

Extracted

  • Path: C:\Users\Public\Desktop\README_LOCKED.txt

  • Ransom Note:
Greetings! There was a significant flaw in the security system of your company. You should be thankful that the flaw was exploited by serious people and not some rookies. They would have damaged all of your data by mistake or for fun. Your files are encrypted with the strongest military algorithms RSA4096 and AES-256. Without our special decoder it is impossible to restore the data. Attempts to restore your data with third party software as Photorec, RannohDecryptor etc. will lead to irreversible destruction of your data. To confirm our honest intentions. Send us 2-3 different random files and you will get them decrypted. It can be from different computers on your network to be sure that our decoder decrypts everything. Sample files we unlock for free (files should not be related to any kind of backups). We exclusively have decryption software for your situation DO NOT RESET OR SHUTDOWN - files may be damaged. DO NOT RENAME the encrypted files. DO NOT MOVE the encrypted files. This may lead to the impossibility of recovery of the certain files. The payment has to be made in Bitcoins. The final price depends on how fast you contact us. As soon as we receive the payment you will get the decryption tool and instructions on how to improve your systems security To get information on the price of the decoder contact us at: [email protected] [email protected]

Targets

  • Target: bin/decrypt-a6.exe
  • Size: 949KB
  • MD5: 4791410eb1f7791580d0b52ffe059d85
  • SHA1: 965398fdf41237025165690ce05c45f234dd6482
  • SHA256: 4c2a6d46e5e5963a213638c8db97223f7fc5407824af01c504096dd85e5ba8f6
  • SHA512: 9d3fbdfecee773257f202b6393ec3682037a95e4e1b986830b6ed73ea93f4927c331a68572b60c7a4abc87cb8326b33255d371eb4efaf90e9cf2391abcce7efa
  • SSDEEP: 24576:HpiXhwGNyLRuBHs8AmDDXw9QXwnXiee06BuAoHt+:JiXy+Hs8AmSipBuAoHt+
  • Score: 1/10

  • Target: bin/encrypt-a6.exe
  • Size: 1.2MB
  • MD5: 5acd44e55624702c306d1a2428ae5c7e
  • SHA1: ec9be5a7aa495039a77f836551f2085a33dd8177
  • SHA256: d0f2d467a7b65203a0b9aa414ab53af72b7b66752bbd9efaf8c26c3bc9293a89
  • SHA512: 1b617c4f4f31fb5c56e9a566a08491d5b41d1509b50cad0b2497fa092d56a14b092052c9322ea5640ffce9aad894dda77a6e6bcb11c26ccb269fbad87b5692a7
  • SSDEEP: 24576:0eUKt2yozDn6ptlov1LGIsubFK7cjvzAwZDwisVTtkxTpznK/:xUKthozDn6XlIFfjvz5SPTuxTpzK/

  • LockerGoga

    LockerGoga is a ransomware family primarily used in targeted, disruptive attacks.

  • Renames multiple (344) files with added filename extension

    This suggests ransomware activity: encrypting all the files on the system.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials and similar secrets.
