General

  • Target

    2025-01-03_4dec51c6d4722591b1bc38aad12cf37e_karagany_mafia

  • Size

    312KB

  • Sample

    250103-ppqcdatmhx

  • MD5

    4dec51c6d4722591b1bc38aad12cf37e

  • SHA1

    3cc91f5f2bc8b0233cc6d101755a69c4de726edc

  • SHA256

    0c18c1f338adbc64e9de8d4443818b7c9195c519036c191c6dde586eaa7cda16

  • SHA512

    fdfb57882f462f1abf112c1789532cb929a9cb4a177af640faec11a6ce8a320b2da17b32621c3831d4cef66e37bf5d9b0137f079538c1b1288fbf0df4c0f87fe

  • SSDEEP

    3072:pb9chCbs07hdRhduItP/emDHBNTXn7BS4FI0rzBNZ237Qct7PX432gwbNTfSmovi:p3s0DwyemtpnFD/c7QUA32bNTFeHDy

Targets

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Gandcrab family

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
