General

  • Target

    2024-03-22_d6b8ecb42129d7ea4875aeb0fc9f4f93_gandcrab

  • Size

    145KB

  • Sample

    240322-kl7p2aad97

  • MD5

    d6b8ecb42129d7ea4875aeb0fc9f4f93

  • SHA1

    807884f01b2038aee2467be328c6b54b9726b96a

  • SHA256

    c650217de1fcf0baab9cac27abd94a766c1d63fbe608aa3d45d438060680ab09

  • SHA512

    39a5edd86373bfe8dfff49d3ade52b3a5a7c14732a0d40e47d2b238f079d2a582aef6a31f86de72cc6bddaf1df456479c9a49c837b72449eca879cbfd21bdbfe

  • SSDEEP

    3072:3YHVHd2NCMqqDL2/mr3IdE8we0Avu5r++ygLIaagvdCjRv9OtN:3yOqqDL64vdGREz

Targets

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
