General

  • Target

    fa261aff7ab7d7243bb35160c6a793fa_mafia_JC.exe

  • Size

    300KB

  • Sample

    230831-wqarmshb97

  • MD5

    fa261aff7ab7d7243bb35160c6a793fa

  • SHA1

    30559207d159581aacd8e697e974dd7a7099a8be

  • SHA256

    f0ead13e044a331f8b41f2e4e43d14ea319cee3881d65627815d58b9316af6cf

  • SHA512

    11d8bc48f2a64a607a9d1ea86c4a5ff7913e24937ca20ec0435e539754bf4cb7cdcd3aa893f9babb57f93de95727c9df2638fa8a8238c07c7153cab1c77253a0

  • SSDEEP

    6144:tvEANMO1UnseVgkV0xwvfxnhLTiusLe1740B:euM0Unsna5mut40B

Targets

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
