General

  • Target: 331baab78131c7147fbbfc7c910f0344863f01d36812fb7bdb2572a2413c7049
  • Size: 244KB
  • Sample: 210518-l211mqzsne
  • MD5: 0c5acedbe44f6be1bbd994db11825668
  • SHA1: 6edd1b54f47f3087887f23c0c0438783ba639a3e
  • SHA256: 331baab78131c7147fbbfc7c910f0344863f01d36812fb7bdb2572a2413c7049
  • SHA512: 849b5b5fe2047a4f4641198fdb6319e9132454b9bfff2b072ea4047f427131c591f2b48ee21412754d640c46bd4923a80d4684f09e9ba8e395dc59ba0d4664e7

Malware Config

Targets

    • GandCrab Payload
    • GandCrab: GandCrab is a Trojan horse that encrypts files on a computer.
    • Adds Run key to start application
    • Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic            Technique                            ID     Count
  Persistence       Registry Run Keys / Startup Folder   T1060  1
  Defense Evasion   Modify Registry                      T1112  1
  Discovery         Query Registry                       T1012  2
  Discovery         Peripheral Device Discovery          T1120  1
  Discovery         System Information Discovery         T1082  2
