General

  • Target

    048cb225a11c893a85927060a02558c4_mafia_JC.exe

  • Size

    300KB

  • Sample

    230815-x6eafadc86

  • MD5

    048cb225a11c893a85927060a02558c4

  • SHA1

    e89ba7393230ffba0043a85bd56334450a5f0604

  • SHA256

    c6b4382f29d3906f732907b5673d5ce5373498279c20942374b1f180f4b70ce1

  • SHA512

    f535649ab648fc68d5ec6ce6dc4dc5257966a17ebf979cec0362e42ba23c04946ddd455cdf1f3e4e380ab3fc4bc80b05b68f5680e676a8960921af5a9be2c90a

  • SSDEEP

    6144:3vEANMO1UnseVgkV0xwvfxnhLTiusLe1740B:cuM0Unsna5mut40B

Malware Config

Targets

    • Target

      048cb225a11c893a85927060a02558c4_mafia_JC.exe

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks