General

  • Target

    2024-03-22_17a07b0b9a3ddea449c1f2dcea2de29e_gandcrab

  • Size

    145KB

  • Sample

    240322-3czbeaac75

  • MD5

    17a07b0b9a3ddea449c1f2dcea2de29e

  • SHA1

    68e342c956b3aa54963e5010f43cedefc5e3c563

  • SHA256

    bfd2896f95b4e4f0115654c666ce4e106268170ac2c8d5ecc3135c6bc9341f90

  • SHA512

    4149c9a425df470c5232c5c9be669c5359a4d90bc690812cefae11ddbdc351c95da7a4ca4da42618f8450aab3554685d31cad06dca8ecb9ee0c2e105ed045c13

  • SSDEEP

    3072:MYHVHd2NCMqqDL2/mr3IdE8we0Avu5r++ygLIaagvdCjRv9OtN:MyOqqDL64vdGREz

Malware Config

Targets

    • Target

      2024-03-22_17a07b0b9a3ddea449c1f2dcea2de29e_gandcrab

    • Size

      145KB

    • MD5

      17a07b0b9a3ddea449c1f2dcea2de29e

    • SHA1

      68e342c956b3aa54963e5010f43cedefc5e3c563

    • SHA256

      bfd2896f95b4e4f0115654c666ce4e106268170ac2c8d5ecc3135c6bc9341f90

    • SHA512

      4149c9a425df470c5232c5c9be669c5359a4d90bc690812cefae11ddbdc351c95da7a4ca4da42618f8450aab3554685d31cad06dca8ecb9ee0c2e105ed045c13

    • SSDEEP

      3072:MYHVHd2NCMqqDL2/mr3IdE8we0Avu5r++ygLIaagvdCjRv9OtN:MyOqqDL64vdGREz

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks