General

  • Target

    2025-03-01_e484fdf70971d7884b935f35009b70d9_darkside

  • Size

    147KB

  • Sample

    250301-l5l34synx6

  • MD5

    e484fdf70971d7884b935f35009b70d9

  • SHA1

    9df69d121589be29aaea4a791de68940e5b4560d

  • SHA256

    cc34b0ee0a05ec167f26cf9c0e7617dfe5c93859694d7f86519721e0500ea3e3

  • SHA512

    7af96b6e59288f9f5117cd9b8bce1a404bfadf0b2a74df61c0f6e8e5069a69fc50da802397fa6effc44dbdf2d9a912daff26482143c33f823e5fead7b4dd1bbc

  • SSDEEP

    3072:i6glyuxE4GsUPnliByocWepu1lFSooIjlya2j:i6gDBGpvEByocWe08i14

Malware Config

Extracted

  • Path

    C:\P2cK9tagI.README.txt

  • Family

    braincipher

  • Ransom Note

    *** Welcome to Brain Cipher Ransomware! ***
    Dear managers! If you're reading this, it means your systems have been hacked and encrypted and your data stolen.
    *** The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours. In order for it to be successful, you must follow a few points:
    1. Don't go to the police, etc.
    2. Do not attempt to recover data on your own.
    3. Do not take the help of third-party data recovery companies. In most cases, they are scammers who will pay us a ransom and take a for themselves.
    *** If you violate any 1 of these points, we will refuse to cooperate with you!!!
    ATTENTION! If you do not contact us within 48 hours, we will post the record on our website: vkvsgl7lhipjirmz6j5ubp3w3bwvxgcdbpi3fsbqngfynetqtw4w5hyd.onion
    3 steps to data recovery:
    1. Download and install Tor Browser (https://www.torproject.org/download/)
    2. Go to our support page: http://brain4zoadgr6clxecixffvxjsw43cflyprnpfeak72nfh664kqqriyd.onion
    This page can take up to 30 minutes to load.
    3. Enter your encryption ID: YTLPEc1HteenqnmYMoULaQdZbHGeFzy7wpU63FqZxtA+JiOucpFdpfacqk4OKunDNT714KgoOxL5BqpWxD7zdUVUFTSEN6
    Email to support: [email protected]

URLs

http://vkvsgl7lhipjirmz6j5ubp3w3bwvxgcdbpi3fsbqngfynetqtw4w5hyd.onion

http://brain4zoadgr6clxecixffvxjsw43cflyprnpfeak72nfh664kqqriyd.onion

Targets

    • Target

      2025-03-01_e484fdf70971d7884b935f35009b70d9_darkside

    • Brain Cipher

      Ransomware family based on Lockbit that was first observed in June 2024.

    • Braincipher family

    • Renames multiple (7722) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Suspicious use of NtSetInformationThreadHideFromDebugger