General

  • Target

    2024-02-04_8af1162e9d8760024d4c50aa2269cc40_karagany_mafia

  • Size

    257KB

  • Sample

    240204-rwjjhseafr

  • MD5

    8af1162e9d8760024d4c50aa2269cc40

  • SHA1

    d05745eeee000100b4c59c3473c5f55aed5198db

  • SHA256

    30469e49b7acf3718af1b2a58def19b2c1ba1e53e151baf41bec73af79ed14c4

  • SHA512

    49be2c62c89306268de33b2ab321367a32d0144c8a2b5f00c0d5600d20d71227ec9461918841d23e76851b1d80849420d9d8c0133f6c1bd510bed4a8bb6a8bbe

  • SSDEEP

    6144:5JvXbVklS/zDiWsg4Ig1ubxq6ckd+QWm5iGgw3Yx:DVklS/qHg4EbVckYBJGT3Yx

Malware Config

Targets

    • Target

      2024-02-04_8af1162e9d8760024d4c50aa2269cc40_karagany_mafia

    • Size

      257KB

    • MD5

      8af1162e9d8760024d4c50aa2269cc40

    • SHA1

      d05745eeee000100b4c59c3473c5f55aed5198db

    • SHA256

      30469e49b7acf3718af1b2a58def19b2c1ba1e53e151baf41bec73af79ed14c4

    • SHA512

      49be2c62c89306268de33b2ab321367a32d0144c8a2b5f00c0d5600d20d71227ec9461918841d23e76851b1d80849420d9d8c0133f6c1bd510bed4a8bb6a8bbe

    • SSDEEP

      6144:5JvXbVklS/zDiWsg4Ig1ubxq6ckd+QWm5iGgw3Yx:DVklS/qHg4EbVckYBJGT3Yx

    • GandCrab payload

    • Gandcrab

      GandCrab is a ransomware family that encrypts files on the victim's computer and demands payment for the decryption key.

    • Detects Reflective DLL injection artifacts

    • Detects ransomware indicator

    • Gandcrab Payload

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) to servers other than the configured DNS servers was detected. A sample that bypasses the system resolver this way is typically contacting a hard-coded resolver of its own or tunnelling data over DNS.

    • Adds Run key to start application

      Writes a value under a Run registry key so the application is launched again at logon (persistence).

    • Enumerates connected drives

      Attempts to read the root path of drives other than the default C: drive. For ransomware this is usually the first step in locating additional volumes whose files can be encrypted.
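
The three behavioural signatures above (Run-key persistence, drive enumeration, unexpected DNS destination) can be expressed as small detection rules over sandbox events. The Python below is an added illustration of that logic, not tria.ge's own signature engine, and the event schema, the RFC 5737 addresses and the registry/file paths in the sample events are constructed for the example.

```python
"""Added example: three behavioural checks from the report written as simple
detection rules over constructed sandbox events.  This is NOT Hatching's
signature code; the event schema below is an assumption for the example."""
import re
from typing import Iterable

# Resolver configured for the constructed scenario (documentation address,
# an assumption; not taken from the report).
CONFIGURED_DNS = {"192.0.2.53"}

# Run / RunOnce keys under HKCU or HKLM (matched on the key suffix).
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.IGNORECASE
)
# A bare drive root such as "D:\".
DRIVE_ROOT_RE = re.compile(r"^([A-Za-z]):\\$")


def detect_run_key(events: Iterable[dict]) -> list[str]:
    """Flag registry writes that set a value under a Run/RunOnce key."""
    hits = []
    for ev in events:
        if (ev.get("type") == "registry" and ev.get("op") == "set"
                and RUN_KEY_RE.search(ev.get("key", ""))):
            hits.append(f"{ev['key']}\\{ev.get('value', '')} = {ev.get('data', '')}")
    return hits


def detect_drive_enumeration(events: Iterable[dict]) -> list[str]:
    """Flag reads of a drive root other than C:\\, once per drive letter."""
    seen: list[str] = []
    for ev in events:
        if ev.get("type") != "file":
            continue
        m = DRIVE_ROOT_RE.match(ev.get("path", ""))
        if m and m.group(1).upper() != "C":
            root = ev["path"].upper()
            if root not in seen:
                seen.append(root)
    return seen


def detect_unexpected_dns(events: Iterable[dict], dns_servers: set[str]) -> list[str]:
    """Flag traffic on port 53 to anything other than the configured resolvers."""
    hits = []
    for ev in events:
        if ev.get("type") != "network" or ev.get("dst_port") != 53:
            continue
        if ev.get("dst_ip") not in dns_servers:
            hits.append(f"{ev.get('proto', '?')}://{ev['dst_ip']}:53")
    return hits


def run_all(events: list[dict], dns_servers: set[str]) -> dict[str, list[str]]:
    """Run every rule and return the matches keyed by signature name."""
    return {
        "adds_run_key": detect_run_key(events),
        "enumerates_drives": detect_drive_enumeration(events),
        "unexpected_dns": detect_unexpected_dns(events, dns_servers),
    }


# Constructed sandbox events (not captured from the sample on this page).
SAMPLE_EVENTS = [
    {"type": "registry", "op": "set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "updater", "data": r"C:\Users\victim\AppData\Roaming\svc.exe"},
    {"type": "registry", "op": "set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer",
     "value": "x", "data": "1"},
    {"type": "file", "op": "open", "path": "C:\\"},
    {"type": "file", "op": "open", "path": "D:\\"},
    {"type": "file", "op": "open", "path": "E:\\"},
    {"type": "file", "op": "open", "path": "D:\\"},
    {"type": "network", "proto": "udp", "dst_ip": "192.0.2.53", "dst_port": 53},
    {"type": "network", "proto": "udp", "dst_ip": "198.51.100.7", "dst_port": 53},
    {"type": "network", "proto": "tcp", "dst_ip": "198.51.100.7", "dst_port": 443},
]

if __name__ == "__main__":
    for name, matches in run_all(SAMPLE_EVENTS, CONFIGURED_DNS).items():
        print(f"{name}: {matches}")
```

The DNS rule deliberately keys on the destination port rather than on protocol parsing, which is what the report's wording describes; port-443 traffic to the same host is ignored, and the rule returns nothing once the destination is added to the configured resolver set.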

MITRE ATT&CK Enterprise v15

Tasks