General

  • Target

    2024-02-17_337ef9b0a88483c09c951be550bcbdf7_karagany_mafia

  • Size

    222KB

  • Sample

    240217-nllz4seb7x

  • MD5

    337ef9b0a88483c09c951be550bcbdf7

  • SHA1

    5c2b597ff05cd37325b62beadc79417a156c6d6d

  • SHA256

    3d119ce578378f5fbe05e7cb3a507b21f7c21dd4a327fe2861c02d6dab8a4872

  • SHA512

    afff475ef55ae15fa8e5d3fc85c3fa59a05569992de98522024dfb49a03943e26771e3bfcad75f068481a96c8d299f38f1b2602a60a0ac1fd05dbf88c25e721c

  • SSDEEP

    3072:GBbWxYKFDnqvffIj0nStxBN3cwqvcQr3YTfVEPnYbl3/YrDAEioKhAv/:GBkYKZSYYnS1xecmoT2nYbdEKs/

Targets

    • Target

      2024-02-17_337ef9b0a88483c09c951be550bcbdf7_karagany_mafia

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects Reflective DLL injection artifacts

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
