General
-
Target
2024-01-27_e49efd46fc3368fec894f88e5050fb32_karagany_mafia
-
Size
250KB
-
Sample
240127-c5837sdacr
-
MD5
e49efd46fc3368fec894f88e5050fb32
-
SHA1
229bdeafbdf4965f0648bf0a274125c7fd96b04b
-
SHA256
8fd35af7b0494da1a4aa3a3cd74c24c2d3c125d29b903b53236bd1805f9e509a
-
SHA512
82aee56ec1e66be24a13fb6913fc0fe778a70bc540e48f7d018fbf2f33fdd6277838b33f08aeb33d7f91838b9547dbeb12f25f5c2937f283960578fc51751d93
-
SSDEEP
3072:2/yK5d0Gj0+nY3uEBLvBNfdUR2/qFnB8o2+vU3WuvIBuj00nReaXkuSQ7cdOd3:2/y20Gj0r+EBFrkvlU3RvIUDOIN
Static task
static1
Behavioral task
behavioral1
Sample
2024-01-27_e49efd46fc3368fec894f88e5050fb32_karagany_mafia.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
2024-01-27_e49efd46fc3368fec894f88e5050fb32_karagany_mafia.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
-
Target
2024-01-27_e49efd46fc3368fec894f88e5050fb32_karagany_mafia
-
Score
10/10
-
GandCrab payload
-
Detects Reflective DLL injection artifacts
-
Detects ransomware indicator
-
Gandcrab Payload
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-