Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2025-01-01...ab.exe

windows7-x64

10

2025-01-01...ab.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-01-01_75cb5961946386fdc27803aed2b46837_gandcrab

  • Size

    74KB

  • Sample

    250101-yjp9vstkdr

  • MD5

    75cb5961946386fdc27803aed2b46837

  • SHA1

    35c31571ba03092b098d5f9c0f73ed72b78d2bfa

  • SHA256

    2237782503f8ecc69b4405285c9a397d5787adb2c60596194914a5d6caec5336

  • SHA512

    82b8cd393b1239dffeb969a90b4681f72cf162b01b513c58d836578a397613497b37373996e18135a27a34593d04977f7560c620436e5171e1d984cfae3502f5

  • SSDEEP

    1536:ogSeGDjtQhnwmmB0yjMqqUM2mr3IdE8mne0Avu5r++yy7CA7GcIaapavdv:oMSjOnrmBbMqqMmr3IdE8we0Avu5r++N

Score
10/10
gandcrabbackdoordiscoverypersistenceransomware

Malware Config

Extracted

Family

gandcrab

C2

http://gdcbghvjyqy7jclk.onion.top/

Targets

    • Target

      2025-01-01_75cb5961946386fdc27803aed2b46837_gandcrab

    • Size

      74KB

    • MD5

      75cb5961946386fdc27803aed2b46837

    • SHA1

      35c31571ba03092b098d5f9c0f73ed72b78d2bfa

    • SHA256

      2237782503f8ecc69b4405285c9a397d5787adb2c60596194914a5d6caec5336

    • SHA512

      82b8cd393b1239dffeb969a90b4681f72cf162b01b513c58d836578a397613497b37373996e18135a27a34593d04977f7560c620436e5171e1d984cfae3502f5

    • SSDEEP

      1536:ogSeGDjtQhnwmmB0yjMqqUM2mr3IdE8mne0Avu5r++yy7CA7GcIaapavdv:oMSjOnrmBbMqqMmr3IdE8we0Avu5r++N

    Score
    10/10
    gandcrabbackdoordiscoverypersistenceransomware

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

      ransomwarebackdoorgandcrab

    • Gandcrab family

      gandcrab

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks