General

  • Target

    2024-03-22_c8b9fc0c898c49205b9ce8ad0dedb60b_gandcrab

  • Size

    145KB

  • Sample

    240322-kkpg3ace6y

  • MD5

    c8b9fc0c898c49205b9ce8ad0dedb60b

  • SHA1

    3e8fba01796d8b9275486f1b2503ec01a28d30ad

  • SHA256

    4cf38ac0fbb0bf738d40d64c5d58a9d97767fc1ad170d8efe582312ac778d91c

  • SHA512

    aa9653b21df8a08407a0f0efe4f1a8a50b03c253709cdc88e7ed0b632e770fbd23b3782c9617471447758ad8ed719f039000ff53f355845ab37fe4064f0d9a04

  • SSDEEP

    3072:TYHVHd2NCMqqDL2/mr3IdE8we0Avu5r++ygLIaagvdCjRv9OtN:TyOqqDL64vdGREz

Targets

    • Target

      2024-03-22_c8b9fc0c898c49205b9ce8ad0dedb60b_gandcrab

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
