General

  • Target

    2024-01-28_ebe9a9d5de78dfda32a325fc76aa3c8e_gandcrab

  • Size

    145KB

  • Sample

    240128-vchpnaeaa4

  • MD5

    ebe9a9d5de78dfda32a325fc76aa3c8e

  • SHA1

    75e6ae43295989aa20e0017b0a54048a32f4eaef

  • SHA256

    ffe2c408eb3f673e26fe7e2f50ad97f2bdabf71d445b139d85c8eae0c903489a

  • SHA512

    606fc1f6f6bbfbd06e71b973764a71dfad4f8461b2e5877e33a1325a09ee1bfe017d721b92295b7504fd28f356c4edfb1f775d1a7d185bbcbddfa03494211736

  • SSDEEP

    3072:lYHVHd2NCMqqDL2/mr3IdE8we0Avu5r++ygLIaagvdCjRv9OtN:lyOqqDL64vdGREz

Targets

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
