General

  • Target

    67718d241e2683cbb75d8026920385b5_mafia_JC.exe

  • Size

    312KB

  • Sample

    230822-sjwtrada57

  • MD5

    67718d241e2683cbb75d8026920385b5

  • SHA1

    26875ed4609f232196264dd06b34afa6aa24ba2f

  • SHA256

    7f12aea157fd519b1d9b6e8e03a22f4abf3b0413bb6e406a3acc1b36aba1b266

  • SHA512

    669ea9b0813c5f24505769d31bb5fef4ac44cc184cfcc062dd67b1210a8bcb327e5c4b7c5b2d20294a55fe175f2c96f95e9736fc852cfc6db8e3be1a10e9de8a

  • SSDEEP

    6144:uuj33iwZkzXwPPTLjQ1JStkJVPzhd0FTXE6eAiUa:uuaXwPmEkXcF20a

Targets

    • Target

      67718d241e2683cbb75d8026920385b5_mafia_JC.exe

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
