General

  • Target

    202401069dd701c586f18142bae8d08f69a46d86karaganymafia.exe

  • Size

    327KB

  • Sample

    240107-yamglsdeh2

  • MD5

    9dd701c586f18142bae8d08f69a46d86

  • SHA1

    7ef1c0f54ce023eee56dea47ef51f049647b880e

  • SHA256

    45bfa2d839fe99f52a3146777d0f734c3d3f168bea159892def7fb6137339e57

  • SHA512

    438b66f6285e9688241d4e550b88723c013424e56f115f04d775f28820489d85c02acbad1806fe06fac6f29232e23de2f0eb495013e86d481176c7df7fd61b38

  • SSDEEP

    6144:l7VHzhC5EEKuBkFwbUDGTgtLA8n8tmiu7mxSeOnDvxDwOSa:DThCTKuBtgD3BA0hLeONDFSa

Malware Config

Targets

    • Target

      202401069dd701c586f18142bae8d08f69a46d86karaganymafia.exe

    • Size

      327KB

    • MD5

      9dd701c586f18142bae8d08f69a46d86

    • SHA1

      7ef1c0f54ce023eee56dea47ef51f049647b880e

    • SHA256

      45bfa2d839fe99f52a3146777d0f734c3d3f168bea159892def7fb6137339e57

    • SHA512

      438b66f6285e9688241d4e550b88723c013424e56f115f04d775f28820489d85c02acbad1806fe06fac6f29232e23de2f0eb495013e86d481176c7df7fd61b38

    • SSDEEP

      6144:l7VHzhC5EEKuBkFwbUDGTgtLA8n8tmiu7mxSeOnDvxDwOSa:DThCTKuBtgD3BA0hLeONDFSa

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks