Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    2024-04-04_4a668f0abb94c8efbe6aa91dd833ba21_gandcrab

  • Size

    145KB

  • Sample

    240404-3hgzbaec67

  • MD5

    4a668f0abb94c8efbe6aa91dd833ba21

  • SHA1

    4bd985b764ff877001dd8e77fa7cbe8ae0ce8e12

  • SHA256

    bc6e501eb8cec81867ae939a4baf5844ae077c617676d640658124f4f7896f42

  • SHA512

    419141158e433bb0781785ff7c67cccce004c88043fbbffd704baf0343aecc4f6b4520601972bf9ce6b9e5d9059e7171ea662eb420ef11b604cc4fc87705ac17

  • SSDEEP

    3072:JYHVHd2NCMqqDL2/mr3IdE8we0Avu5r++ygLIaagvdCjRv9OtN:JyOqqDL64vdGREz

Malware Config

Targets

    • Target

      2024-04-04_4a668f0abb94c8efbe6aa91dd833ba21_gandcrab

    • Size

      145KB

    • MD5

      4a668f0abb94c8efbe6aa91dd833ba21

    • SHA1

      4bd985b764ff877001dd8e77fa7cbe8ae0ce8e12

    • SHA256

      bc6e501eb8cec81867ae939a4baf5844ae077c617676d640658124f4f7896f42

    • SHA512

      419141158e433bb0781785ff7c67cccce004c88043fbbffd704baf0343aecc4f6b4520601972bf9ce6b9e5d9059e7171ea662eb420ef11b604cc4fc87705ac17

    • SSDEEP

      3072:JYHVHd2NCMqqDL2/mr3IdE8we0Avu5r++ygLIaagvdCjRv9OtN:JyOqqDL64vdGREz

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks