Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    2023-08-22_3f1c7b09bea873392ade8fe703511672_mafia_JC.exe

  • Size

    250KB

  • Sample

    230902-tvev2sed87

  • MD5

    3f1c7b09bea873392ade8fe703511672

  • SHA1

    5a1dd28e688011fe65ddf104435bc8934fc39ad9

  • SHA256

    070c259687c4d494a3a863ee53a9b935dc5db02099cd8732c31a94d80f66dbc0

  • SHA512

    fd6cdc697a171cd6d403ad638f161d30ebb4cd457a91d2cf21c372a6ade53bf0980d35cc0ba6c39e878b1600d5603e564938b423f6c37c18b07988842669ee8c

  • SSDEEP

    3072:G/yK5d0Gj0+nY3uEBLvBNfdUR2/qFnB8o2+vU3WuvIBuj00nReaXkuSQ7cdOd3:G/y20Gj0r+EBFrkvlU3RvIUDOIN

Malware Config

Targets

    • Target

      2023-08-22_3f1c7b09bea873392ade8fe703511672_mafia_JC.exe

    • Size

      250KB

    • MD5

      3f1c7b09bea873392ade8fe703511672

    • SHA1

      5a1dd28e688011fe65ddf104435bc8934fc39ad9

    • SHA256

      070c259687c4d494a3a863ee53a9b935dc5db02099cd8732c31a94d80f66dbc0

    • SHA512

      fd6cdc697a171cd6d403ad638f161d30ebb4cd457a91d2cf21c372a6ade53bf0980d35cc0ba6c39e878b1600d5603e564938b423f6c37c18b07988842669ee8c

    • SSDEEP

      3072:G/yK5d0Gj0+nY3uEBLvBNfdUR2/qFnB8o2+vU3WuvIBuj00nReaXkuSQ7cdOd3:G/y20Gj0r+EBFrkvlU3RvIUDOIN

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks