General

  • Target

    61f73bf90c3234faeb8aa7c90f24fa3f7a3a1d38b2e94d40ce96a21e7320fd28.apk

  • Size

    6.8MB

  • Sample

    240821-bhn9vasflf

  • MD5

    73d0f5db820e8b491365e3faa9b55498

  • SHA1

    d5ef600aa1c01fa200ed46140c8308637f09dfcd

  • SHA256

    61f73bf90c3234faeb8aa7c90f24fa3f7a3a1d38b2e94d40ce96a21e7320fd28

  • SHA512

    796c47b244bf7d871eb0c0e43dd1b8eed86d15c00a5128ae7740bf87c0b5fcbe9787ee133f739ee0dd5986bee49075208bb768718db12590b2c7073ebe1ed89b

  • SSDEEP

    196608:HSwZWQeHQZzcTK77FMQ+V+Y4Bz/JdLdJ3Uh3IwNde:H5ZwH80EJEv4h/9Shz7e

Malware Config

Extracted

Path

res/layout/activity_main.xml

Family

filecoder

Ransom Note

Current State Information Your personal documents and files on this device have just been crypted.The origion files have been completely deleted and will only be recovered by following the steps described below. Document Decryption Operation Guide 1. To obtain the key which will decrypt files,you need to pay the amount of Bitcoin you see at the top of the screen. 2. After the payment is completed, open %s and enter the userid below, you will get the decryption key. 3. Paste the decryption key in the key inputbox below and click the decrypt button.Reboot the phone,all files will be successfully decrypted. Decrypt Key: paste your key here... Useful Information UserID: BTC addr: 16KQjht4ePZxxGPr3es24VQyMYgR9UEkFy !!!Do not delete this APP,or your files will not be back forever!!!

Wallets

16KQjht4ePZxxGPr3es24VQyMYgR9UEkFy

Targets

    • Filecoder.C

      A ransomware family that spreads to other victims via SMS.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Legitimate hosting services abused for malware hosting/C2

    • Changes the wallpaper (common with ransomware activity)
