General

  • Target

    202401067c0b27a7c8a98d51ef1c50b11fe34b60karaganymafia.exe

  • Size

    308KB

  • Sample

    240107-x3r25adcd8

  • MD5

    7c0b27a7c8a98d51ef1c50b11fe34b60

  • SHA1

    4bd2ade1e2a0573c81b5ab51b29e5550e7164a57

  • SHA256

    855c56dbe6a8040e1e2e7d020b41fad65d56f3c124bb7566bfaf23391b698f93

  • SHA512

    12c763e34dd820e81e32b2bb463604dc34c2716a9fd980765cd506f638a456ec6ab3e0af1d6205f8288aed197f3bf999a3f8056e8d65762e784e0d956ab74395

  • SSDEEP

    6144:mzL7ShWDLVzVNam6GxI29dqG3KdYAYqTuPZp:kDHNam62ZdKmZmuPH

Malware Config

Targets

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks