General

  • Target

    2024010659d77d37447ce127e2296ad80f42aa26karaganymafia.exe

  • Size

    308KB

  • Sample

    240107-yc1r1sdfe8

  • MD5

    59d77d37447ce127e2296ad80f42aa26

  • SHA1

    d95eb8d61bae1ea74ca5a912cfb6e3efce98171c

  • SHA256

    60ee15bea471255118739cf1e2032d29ddc4530f062dd847a07620947ed8b509

  • SHA512

    b4ee9f6f8fa91847fad2fb900a3f439f345da7a003a880e9c09693e756f4fe77e9c0fede156eec7496536da004718027ebb98fbc70922f500cdb5ab6ad55ce6b

  • SSDEEP

    6144:XzL7ShWDLVzVNam6GxI29dqG3KdYAYqTuPZp:tDHNam62ZdKmZmuPH

Targets

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
