Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-01-25...ab.exe

windows7-x64

10

2024-01-25...ab.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-01-25_ff5f0b2d333102a909f6ebba4feadd09_gandcrab

  • Size

    145KB

  • Sample

    240125-v92tsschaj

  • MD5

    ff5f0b2d333102a909f6ebba4feadd09

  • SHA1

    0c294cc3f6e9bdb83f27048beb1197359f0921b1

  • SHA256

    63c1e6f85032a804532589bad9698c5bad00427a27275fc9d195e24c91cdbbb7

  • SHA512

    c2d79572c2fe3d7db000efad8e40414b9961d5bfe2af26e612d37825788f73e2d4f3e9d597c3ba6448f0872a9310eb450496508d394341c13c18dcba59d89b38

  • SSDEEP

    3072:cYHVHd2NCMqqDL2/mr3IdE8we0Avu5r++ygLIaagvdCjRv9OtN:cyOqqDL64vdGREz

Score
10/10
gandcrabkinsingbackdoorloaderpersistenceransomware

Malware Config

Targets

    • Target

      2024-01-25_ff5f0b2d333102a909f6ebba4feadd09_gandcrab

    • Size

      145KB

    • MD5

      ff5f0b2d333102a909f6ebba4feadd09

    • SHA1

      0c294cc3f6e9bdb83f27048beb1197359f0921b1

    • SHA256

      63c1e6f85032a804532589bad9698c5bad00427a27275fc9d195e24c91cdbbb7

    • SHA512

      c2d79572c2fe3d7db000efad8e40414b9961d5bfe2af26e612d37825788f73e2d4f3e9d597c3ba6448f0872a9310eb450496508d394341c13c18dcba59d89b38

    • SSDEEP

      3072:cYHVHd2NCMqqDL2/mr3IdE8we0Avu5r++ygLIaagvdCjRv9OtN:cyOqqDL64vdGREz

    Score
    10/10
    gandcrabbackdoorpersistenceransomwarekinsingloader

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

      ransomwarebackdoorgandcrab

    • Kinsing

      Kinsing is a loader written in Golang.

      loaderkinsing

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.