General

  • Target

    20240106b07dc2d08f1672f2dedfe0c025561b76karaganymafia.exe

  • Size

    308KB

  • Sample

    240107-yaglcscfek

  • MD5

    b07dc2d08f1672f2dedfe0c025561b76

  • SHA1

    1e7f3a33add3aad8b6d8a0f9814de72e0e895f5d

  • SHA256

    4f195de4d7d96caa58a33f70593b0e6cdc4250df5c0c10b4e058bba05ce386aa

  • SHA512

    49f257188e2dab42788453c8263c5e5461290f6b66962157188285e3190274a83dd84fea6b0ad4202a125fcb7ce485b06646076beb4cd735573c93717ac17651

  • SSDEEP

    6144:pzL7ShWDLVzVNam6GxI29dqG3KdYAYqTuPZp:3DHNam62ZdKmZmuPH

Targets

    • Target

      20240106b07dc2d08f1672f2dedfe0c025561b76karaganymafia.exe

    • GandCrab payload

    • GandCrab

      GandCrab is a Trojan horse that encrypts files on a computer.

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port was detected going to servers other than the configured DNS servers.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
