Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    NEAS.613f00e76b53dbf10a70ba19cc943990.exe

  • Size

    250KB

  • Sample

    231107-xvb1yaff32

  • MD5

    613f00e76b53dbf10a70ba19cc943990

  • SHA1

    8758f5b5ef01579c0a3a585cc6387497e5a7324a

  • SHA256

    a2273c0a3e7af46486bc316cddbf2755c87775f962d99d3d1f7824f4e08a7e88

  • SHA512

    a031ba23c7fc8285c1751fd7e21299acdf542981dc984bcf0c2ed695192e1a209aeb3e36ca6768c413243c9523563ea1d258fd985929b9abbef849901ba7a68b

  • SSDEEP

    3072:D/yK5d0Gj0+nY3uEBLvBNfdUR2/qFnB8o2+vU3WuvIBuj00nReaXkuSQ7cdOdP:D/y20Gj0r+EBFrkvlU3RvIUDOIB

Malware Config

Targets

    • Target

      NEAS.613f00e76b53dbf10a70ba19cc943990.exe

    • Size

      250KB

    • MD5

      613f00e76b53dbf10a70ba19cc943990

    • SHA1

      8758f5b5ef01579c0a3a585cc6387497e5a7324a

    • SHA256

      a2273c0a3e7af46486bc316cddbf2755c87775f962d99d3d1f7824f4e08a7e88

    • SHA512

      a031ba23c7fc8285c1751fd7e21299acdf542981dc984bcf0c2ed695192e1a209aeb3e36ca6768c413243c9523563ea1d258fd985929b9abbef849901ba7a68b

    • SSDEEP

      3072:D/yK5d0Gj0+nY3uEBLvBNfdUR2/qFnB8o2+vU3WuvIBuj00nReaXkuSQ7cdOdP:D/y20Gj0r+EBFrkvlU3RvIUDOIB

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks