Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
23/03/2025, 00:07
250323-aejphstxdx 823/03/2025, 00:06
250323-adrzhaxqz8 823/03/2025, 00:05
250323-adkkestxbw 323/03/2025, 00:02
250323-abxrzaxqw9 1020/03/2025, 23:27
250320-3fd5mstrw6 1001/03/2025, 19:51
250301-ykw4sszqy9 801/03/2025, 19:50
250301-yj8ffazqx8 801/03/2025, 19:47
250301-yh1dfazxev 801/03/2025, 19:45
250301-yghr1azp15 1026/02/2025, 02:07
250226-ckdrka1m15 10General
-
Target
https://github.com/Da2dalus/The-MALWARE-Repo
-
Sample
250226-ckdrka1m15
Score
10/10
Malware Config
Extracted
Path
C:\Users\Admin\README_HOW_TO_UNLOCK.TXT
Ransom Note
YOUR FILE HAS BEEN LOCKED
In order to unlock your files, follow the instructions bellow:
1. Download and install Tor Browser
2. After a successful installation, run Tor Browser and wait for its initialization.
3. Type in the address bar: http://zvnvp2rhe3ljwf2m.onion
4. Follow the instructions on the site.
URLs
http://zvnvp2rhe3ljwf2m.onion
Targets
-
-
Target
https://github.com/Da2dalus/The-MALWARE-Repo
Score10/10-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (61) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-