General

  • Target

    2024-03-22_4abfbccf7a4fb933d987c70aaa941735_gandcrab

  • Size

    145KB

  • Sample

    240322-ljlv8acg7t

  • MD5

    4abfbccf7a4fb933d987c70aaa941735

  • SHA1

    ae0da7c9693fee7e5eb7b8577b030da83676cafc

  • SHA256

    1e110c4c1bd515e76cf280ef2669778eb9665d8914800889f6c24d85c91b7202

  • SHA512

    92404dc12a1e2a540c891b713973f608d5356330c7e114947cafc43b3346720f7a801f79c5634f98a2e3c110ad0a727333a7b01b976c2bc00746732a5dd54e91

  • SSDEEP

    3072:LYHVHd2NCMqqDL2/mr3IdE8we0Avu5r++ygLIaagvdCjRv9OtN:LyOqqDL64vdGREz

Targets

    • Target

      2024-03-22_4abfbccf7a4fb933d987c70aaa941735_gandcrab

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
