Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    2024-02-04_b2ded7bf639ec8bce0ef92c2f34d32bd_gandcrab

  • Size

    97KB

  • Sample

    240204-eel7vsghd9

  • MD5

    b2ded7bf639ec8bce0ef92c2f34d32bd

  • SHA1

    524efab304ee5530a39f503d64bf4f54627aa2c4

  • SHA256

    2e3ff87d47b1b7ee691c09781a711bd9a9bf818adb66550026e19561ec075c26

  • SHA512

    0331ad9d3222db50fa0acda9a3accbf86a4c043b6439eb94114db02bba36d3211108595c568db0be1fa6b17b56ae2654cffb43112dfd1bd10c227cec6a128e98

  • SSDEEP

    1536:8ZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAEMqqU+2bbbAV2/S2LNmHkD:iBounVyFHFMqqDL2/LgHkc2

Malware Config

Targets

    • Target

      2024-02-04_b2ded7bf639ec8bce0ef92c2f34d32bd_gandcrab

    • Size

      97KB

    • MD5

      b2ded7bf639ec8bce0ef92c2f34d32bd

    • SHA1

      524efab304ee5530a39f503d64bf4f54627aa2c4

    • SHA256

      2e3ff87d47b1b7ee691c09781a711bd9a9bf818adb66550026e19561ec075c26

    • SHA512

      0331ad9d3222db50fa0acda9a3accbf86a4c043b6439eb94114db02bba36d3211108595c568db0be1fa6b17b56ae2654cffb43112dfd1bd10c227cec6a128e98

    • SSDEEP

      1536:8ZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAEMqqU+2bbbAV2/S2LNmHkD:iBounVyFHFMqqDL2/LgHkc2

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects Reflective DLL injection artifacts

    • Detects ransomware indicator

    • Gandcrab Payload

    • UPX dump on OEP (original entry point)

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks