General

  • Target

    2024-02-14_245ecfff350cfc48626a3d5f7ecd9eee_karagany_mafia

  • Size

    250KB

  • Sample

    240214-g9mszsbe2x

  • MD5

    245ecfff350cfc48626a3d5f7ecd9eee

  • SHA1

    2c610518f29628a3af5f2ec8ffc0deb811105d16

  • SHA256

    e6bed1ecd5d0354beafe9ff274e37e02608138c6b7d188fb064973725aefeb76

  • SHA512

    ca4b6aa4a2b90511dd6b5da3f80a850312c3278d87753ed7a0e71b01b5b0e1d10fff9208ed24d56f04b79a236e2f907bc27ba93baae0abee36d83d9f76a4d5ad

  • SSDEEP

    6144:/+YrOIBjaklexBgiJ8sTSIkIpxIp8mDtfPBRwasxXq:TOCjaklYgVIpxIhDtR

Targets

    • Target

      2024-02-14_245ecfff350cfc48626a3d5f7ecd9eee_karagany_mafia

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects Reflective DLL injection artifacts

    • Detects ransomware indicator

    • Gandcrab Payload

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
