General

  • Target

    2024-03-22_2c67246f1cbdd6f3cc0f6d73ea0b9b16_karagany_mafia

  • Size

    250KB

  • Sample

    240322-3efl3sac94

  • MD5

    2c67246f1cbdd6f3cc0f6d73ea0b9b16

  • SHA1

    f69897abd16c5794a7295fec29dd02d8fddf66bc

  • SHA256

    15cf1787c05c64b25b79ee834d8589663638265da485cb80c04964da940ebd17

  • SHA512

    94154936b226b887cebc50344f087245f57968659eaf11dae0788405b5c88f4848bed8f382e68b7e9ad326a91ae6d216004eb876256cc566d62fa41b17fc7bcc

  • SSDEEP

    3072:V/yK5d0Gj0+nY3uEBLvBNfdUR2/qFnB8o2+vU3WuvIBuj00nReaXkuSQ7cdOd3:V/y20Gj0r+EBFrkvlU3RvIUDOIN

Malware Config

Targets

    • Target

      2024-03-22_2c67246f1cbdd6f3cc0f6d73ea0b9b16_karagany_mafia

    • Size

      250KB

    • MD5

      2c67246f1cbdd6f3cc0f6d73ea0b9b16

    • SHA1

      f69897abd16c5794a7295fec29dd02d8fddf66bc

    • SHA256

      15cf1787c05c64b25b79ee834d8589663638265da485cb80c04964da940ebd17

    • SHA512

      94154936b226b887cebc50344f087245f57968659eaf11dae0788405b5c88f4848bed8f382e68b7e9ad326a91ae6d216004eb876256cc566d62fa41b17fc7bcc

    • SSDEEP

      3072:V/yK5d0Gj0+nY3uEBLvBNfdUR2/qFnB8o2+vU3WuvIBuj00nReaXkuSQ7cdOd3:V/y20Gj0r+EBFrkvlU3RvIUDOIN

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects Reflective DLL injection artifacts

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks