General

  • Target

    2024-03-22_5013675b6f2413e42ca17ee6b67d642c_gandcrab

  • Size

    145KB

  • Sample

    240322-lj5ckacg7z

  • MD5

    5013675b6f2413e42ca17ee6b67d642c

  • SHA1

    a357e9b9fd243f3693a488f992114b2528feb019

  • SHA256

    2a7907352b0e819f1be74fed5c630d481b87190fe3ce1e14f947e9fe2e5637f8

  • SHA512

    5dbeaf052a9bdb1711a7354b0658cf0a530c3a918f6e6e2dbf75738b8b98cd2a2a649650dcab394a99e5035398cc6fe5e69fc561c55ea271abcf880a47d34703

  • SSDEEP

    3072:EYHVHd2NCMqqDL2/mr3IdE8we0Avu5r++ygLIaagvdCjRv9OtN:EyOqqDL64vdGREz

Targets

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
