General

  • Target

    d64288301aad86873d614e5afbb74550_mafia_JC.exe

  • Size

    247KB

  • Sample

    230829-wk7jesed86

  • MD5

    d64288301aad86873d614e5afbb74550

  • SHA1

    3bc96f0775ae8ffcfe71a6eb82ce998bd9f1743a

  • SHA256

    1c207878a2a8c526188daa10df75de78e8aa51cf74d21e4b77b7e59f0bb6ddc9

  • SHA512

    c64086adee3aa2b9352da9574a1d8773f3b866d78d41822dbeab5f0e16961010a74c301cf3c30d68542d46d6e5243a2cdac64feded0750c1d3f90b549d3f2676

  • SSDEEP

    3072:Ne/3l1glxNGX0+tl0BNsPmmWpOTgfgDOOK+74ArCjZ/NHkciAHaLiq7:NevEDGk+tOWmTYD/gEY/EcHKiw

Targets

    • Target

      d64288301aad86873d614e5afbb74550_mafia_JC.exe

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
