General

  • Target

    16cea803881eb0b1102ebfa143ef842dd00ce44445f86eee57609159fe8985d5

  • Size

    265KB

  • Sample

    210518-atc6gyk1ps

  • MD5

    4a9cf137f5db321ca942cc545c673d4a

  • SHA1

    7e767ea2cc3483a6e6e4f8fac0a6474e3bbcbfa2

  • SHA256

    16cea803881eb0b1102ebfa143ef842dd00ce44445f86eee57609159fe8985d5

  • SHA512

    6aa3b1ffe464bf78f3c09342957546898a287e1027d8e6cac79651fc3b67e8b61fa4ba92a3446d7a139f9b847208c884ff6dd374b6cdaf9a78a10af1cb8e045b

Malware Config

Targets

    • Target

      16cea803881eb0b1102ebfa143ef842dd00ce44445f86eee57609159fe8985d5

    • Size

      265KB

    • MD5

      4a9cf137f5db321ca942cc545c673d4a

    • SHA1

      7e767ea2cc3483a6e6e4f8fac0a6474e3bbcbfa2

    • SHA256

      16cea803881eb0b1102ebfa143ef842dd00ce44445f86eee57609159fe8985d5

    • SHA512

      6aa3b1ffe464bf78f3c09342957546898a287e1027d8e6cac79651fc3b67e8b61fa4ba92a3446d7a139f9b847208c884ff6dd374b6cdaf9a78a10af1cb8e045b

    • GandCrab Payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Tasks