General

  • Target

    2024-03-22_58b487b096c51c23459c76324999aa67_karagany_mafia

  • Size

    308KB

  • Sample

    240322-3hbsasda7w

  • MD5

    58b487b096c51c23459c76324999aa67

  • SHA1

    e4bc8f58bb7766b1f794f052b5e742ebadb9c111

  • SHA256

    34423cae441ef9653bb9082e6fa4ce9e3fec54968521a6d98a03a9ef6cd4e792

  • SHA512

    71563706513a4cf8b5e302628cf4b8969f6dbd5fe7936cf16ce325c763e90640ba05726da914788d5f59af58710d9850f9f411cf3dbc3ab95804f4ab43be2208

  • SSDEEP

    6144:+zL7ShWDLVzVNam6GxI29dqG3KdYAYqTuPZp:8DHNam62ZdKmZmuPH

Targets

    • Target

      2024-03-22_58b487b096c51c23459c76324999aa67_karagany_mafia

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects Reflective DLL injection artifacts

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
