General

  • Target

    2024-01-18_aee0d5c778c40d2b6015c142a2151445_karagany_mafia

  • Size

    250KB

  • Sample

    240118-qzwgtadaf7

  • MD5

    aee0d5c778c40d2b6015c142a2151445

  • SHA1

    8cfe28ec8baa0f79749097dedc61da337f44f841

  • SHA256

    f4719a9f752727c9f9cb069c9ebee31598a5e8455b776c9364139b523648e268

  • SHA512

    569bdfc263b5507d42ebc22bed24f55b37535acf7c203f0175b5e31bbb6b7c976c69213202e51efd1d2de3daacef6470c24ba814c310889c95502f322dd8b306

  • SSDEEP

    3072:e/yK5d0Gj0+nY3uEBLvBNfdUR2/qFnB8o2+vU3WuvIBuj00nReaXkuSQ7cdOd3:e/y20Gj0r+EBFrkvlU3RvIUDOIN

Targets

    • Target

      2024-01-18_aee0d5c778c40d2b6015c142a2151445_karagany_mafia

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects Reflective DLL injection artifacts

    • Detects ransomware indicator

    • Gandcrab Payload

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
