General

  • Target

    2024-01-10_f38470ad60fffac6199a4d4829c101ba_karagany_mafia

  • Size

    308KB

  • Sample

    240111-gpnjsabbb7

  • MD5

    f38470ad60fffac6199a4d4829c101ba

  • SHA1

    50312f02d61f344246f47df67ac1ca75d001d0a2

  • SHA256

    b7d30183ed3e57a6eaeccea074220c943f66931dddc3e09ceeb1ec4230169524

  • SHA512

    9b03df336aaca5f18b1bff9ab5a210205b88b8df977b7aa3a3af21c3e67a9e0e7e8beeb8b49d7c688171a8da0fb212e98942cb3d590fd649a1ad70b9965504b7

  • SSDEEP

    6144:AzL7ShWDLVzVNam6GxI29dqG3KdYAYqTuPZp:mDHNam62ZdKmZmuPH

Targets

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
