General

  • Target

    40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe

  • Size

    300KB

  • Sample

    230819-qqhvcsbg4z

  • MD5

    40bdca671213c2ed28ee28f48a9dfd1b

  • SHA1

    f6f1d72a62b7b7fd2888e1a3d3aeffa291c9d292

  • SHA256

    e612e8fe9760b1ffcecd1f8ce6aad8a886ba92d742456d63b07e067c6ee0f1db

  • SHA512

    b8a141e6c1552f1551411a588e643e8289777fed1fdbdb89ed685b633a667b943fbfa8412b201440498d61b0afcdd06f92ec9b58ba1ce5ce60e3937ea74f0499

  • SSDEEP

    6144:GvEANMO1UnseVgkV0xwvfxnhLTiusLe1740N:puM0Unsna5mut40N

Malware Config

Targets

    • Target

      40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Unexpected DNS network traffic destination

      Traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks