General

  • Target

    996035b6a2fb2fcad22d9f8af0afae1e1c1759da3adc9b7f787cbced75878d16

  • Size

    321KB

  • Sample

    210518-albgfs34x6

  • MD5

    79347271ac0efccabcacdcdcbbe0eec4

  • SHA1

    b2ad76aec336235c36996abe911c31fea0b90e1b

  • SHA256

    996035b6a2fb2fcad22d9f8af0afae1e1c1759da3adc9b7f787cbced75878d16

  • SHA512

    d87617c57380bce363fd370aa562b681f62caa8baf8878950b64a3fd2d7c6cf61d67e23d723527e6c5a5d2bde8a3553d8499e0e7b69dedfdce8e2ed60f8f01fb

Malware Config

Targets

    • Target

      996035b6a2fb2fcad22d9f8af0afae1e1c1759da3adc9b7f787cbced75878d16

    • Size

      321KB

    • MD5

      79347271ac0efccabcacdcdcbbe0eec4

    • SHA1

      b2ad76aec336235c36996abe911c31fea0b90e1b

    • SHA256

      996035b6a2fb2fcad22d9f8af0afae1e1c1759da3adc9b7f787cbced75878d16

    • SHA512

      d87617c57380bce363fd370aa562b681f62caa8baf8878950b64a3fd2d7c6cf61d67e23d723527e6c5a5d2bde8a3553d8499e0e7b69dedfdce8e2ed60f8f01fb

    • GandCrab Payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Tasks