General

  • Target

    91b5c2ae08114eexeexeexeex.exe

  • Size

    308KB

  • Sample

    230708-www7tsab2v

  • MD5

    91b5c2ae08114eb93b204c8c9263627d

  • SHA1

    1d2abeec1f3dfde5b56ce1ed7f98375a254e899a

  • SHA256

    7ddc1919366b072312280e37a1b87279b61bf0d66c95ac9874e176a85bae1963

  • SHA512

    7f6c53bec162ee060568e136fc13e891ca4fd65dd7c21dc79cc0d1da1d149519e7ca818b37fb95e1a68e4d5aeaf3ca66763966790cbdccd7b863cfc7bf7160f5

  • SSDEEP

    6144:bzL7ShWDLVzVNam6GxI29dqG3KdYAYqTuPZp:JDHNam62ZdKmZmuPH

Targets

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
