Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    3e9bbf6f8d49eba0d03ee866d05d4264_mafia_JC.exe

  • Size

    308KB

  • Sample

    230802-wmteksgd72

  • MD5

    3e9bbf6f8d49eba0d03ee866d05d4264

  • SHA1

    fd27e867dee3f81afacf26b280b9cc4202621704

  • SHA256

    ad02a3c263d73d1e065bda64104b6901341c8716cc57b27b1819b76438fc409e

  • SHA512

    ac575d340eb6c88d2ca1a7be79f0b328b3d6760aeb09f99651bc3f858610cd3525ab909ce55288b1424cc27f44dbaf830fa3282e3fe4b39147f730ae56667521

  • SSDEEP

    6144:7zL7ShWDLVzVNam6GxI29dqG3KdYAYqTuPZp:pDHNam62ZdKmZmuPH

Malware Config

Targets

    • Target

      3e9bbf6f8d49eba0d03ee866d05d4264_mafia_JC.exe

    • Size

      308KB

    • MD5

      3e9bbf6f8d49eba0d03ee866d05d4264

    • SHA1

      fd27e867dee3f81afacf26b280b9cc4202621704

    • SHA256

      ad02a3c263d73d1e065bda64104b6901341c8716cc57b27b1819b76438fc409e

    • SHA512

      ac575d340eb6c88d2ca1a7be79f0b328b3d6760aeb09f99651bc3f858610cd3525ab909ce55288b1424cc27f44dbaf830fa3282e3fe4b39147f730ae56667521

    • SSDEEP

      6144:7zL7ShWDLVzVNam6GxI29dqG3KdYAYqTuPZp:pDHNam62ZdKmZmuPH

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks