General

  • Target

    89f7e16a77ff39exeexeexeex.exe

  • Size

    308KB

  • Sample

    230709-jattcsbh8y

  • MD5

    89f7e16a77ff39d35b84d25785fb1cb7

  • SHA1

    828e80b70e5c294ff0879842c6e8f5fb65df9184

  • SHA256

    238cfcf503be854bc296242abc3e3d4012ad3326dafd8b4cabeebac68765b45b

  • SHA512

    c9a3e7b53cf3424f1354160a972cc67bd96eeb98e8d7aff40ab2fac658451c7e2cd5a647e51e3f0f9bb9dcd8656896501bb090db0ccbaf42dab9d4e0485606cb

  • SSDEEP

    6144:PzL7ShWDLVzVNam6GxI29dqG3KdYAYqTuPZp:lDHNam62ZdKmZmuPH

Targets

    • Target

      89f7e16a77ff39exeexeexeex.exe

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
