Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

ransom.exe

windows7-x64

10

ransom.exe

windows10-2004-x64

10

Resubmissions

09/07/2024, 19:21

240709-x2s8ss1blj 10

09/07/2024, 19:14

240709-xxngrazhkp 10

03/07/2024, 09:01

240703-ky8g4awaja 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ransom.exe

  • Size

    7.8MB

  • Sample

    240703-ky8g4awaja

  • MD5

    648bd793d9e54fc2741e0ba10980c7de

  • SHA1

    f5d0c94b2be91342dc01ecf2f89e7e6f21a74b90

  • SHA256

    102276ae1f518745695fe8f291bf6e69856b91723244881561bb1a2338d54b12

  • SHA512

    d1428b934a360d7f3651947d11081892c93c7cd29a17dc38190cbb46c95939928ac6f805adf586be2937e27fc20aec8bd1fc2c782c681e7e94e9e8d33b8ebf15

  • SSDEEP

    98304:9+v9K8MgmB4oIWcCJ3ZZVL8oYi5lTkZkmla1DXL:S4uWcCT9Gzl

Score
10/10
ransomwarespywarestealer

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Adobe\Acrobat\9.0\CyberVolk_ReadMe.txt

Ransom Note
Greetings. All your files have been encrypted by CyberVolk ransomware. Please never try to recover your files without decryption key which I give you after pay. They could be disappeared� You should follow my words. Pay $1000 BTC to below address. My telegram : @hacker7 Our Team : https://t.me/cubervolk We always welcome you and your payment.
URLs

https://t.me/cubervolk

Targets

    • Target

      ransom.exe

    • Size

      7.8MB

    • MD5

      648bd793d9e54fc2741e0ba10980c7de

    • SHA1

      f5d0c94b2be91342dc01ecf2f89e7e6f21a74b90

    • SHA256

      102276ae1f518745695fe8f291bf6e69856b91723244881561bb1a2338d54b12

    • SHA512

      d1428b934a360d7f3651947d11081892c93c7cd29a17dc38190cbb46c95939928ac6f805adf586be2937e27fc20aec8bd1fc2c782c681e7e94e9e8d33b8ebf15

    • SSDEEP

      98304:9+v9K8MgmB4oIWcCJ3ZZVL8oYi5lTkZkmla1DXL:S4uWcCT9Gzl

    Score
    10/10
    ransomwarespywarestealer

    • Renames multiple (893) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks