General

  • Target

    06cac3d1c984a6775a0be6af8e2f228ec5f1ae2396df7af4edf12e5c2b6879af

  • Size

    177KB

  • Sample

    210518-3mc2whtck2

  • MD5

    1e13acbb50134a4a9e58b07eeff7ab90

  • SHA1

    87f0724ec1a2941ec8af8561c978641dad829abd

  • SHA256

    06cac3d1c984a6775a0be6af8e2f228ec5f1ae2396df7af4edf12e5c2b6879af

  • SHA512

    63f72e38f5591345916660b7543c4d9247c54a99c0e1eba0e62883bfd9410db9ccd28e03d92d8e15050a466467b76b38aef06cd0ae775a27a4edcc2e8a2c6aaa

Malware Config

Targets

    • Target

      06cac3d1c984a6775a0be6af8e2f228ec5f1ae2396df7af4edf12e5c2b6879af

    • Size

      177KB

    • MD5

      1e13acbb50134a4a9e58b07eeff7ab90

    • SHA1

      87f0724ec1a2941ec8af8561c978641dad829abd

    • SHA256

      06cac3d1c984a6775a0be6af8e2f228ec5f1ae2396df7af4edf12e5c2b6879af

    • SHA512

      63f72e38f5591345916660b7543c4d9247c54a99c0e1eba0e62883bfd9410db9ccd28e03d92d8e15050a466467b76b38aef06cd0ae775a27a4edcc2e8a2c6aaa

    • GandCrab Payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Tasks