General

  • Target

    2024-03-22_949be67a831989f517c9e79eb1e3ecfc_karagany_mafia

  • Size

    316KB

  • Sample

    240322-lrzr2sch7w

  • MD5

    949be67a831989f517c9e79eb1e3ecfc

  • SHA1

    d7316dc85f1c385bc2b821bc3684d08fc7d61714

  • SHA256

    604103b96c216dad182cd03a4010fae314c28e5df85e9409e9fd26e0f22aa2aa

  • SHA512

    cea6ad64db26456d399e10a5b22dccae1b4e46c4a507d8dd50ae5f629545b8f11b6d947b00f42595d78f37475f963a7578abfe20b72451e40effc3ce912fa1e9

  • SSDEEP

    3072:Cb9c6Cbk07hdRhduItP/emDHBNTXn7BS4FI0rzBNZ237Qct7PX432gwbNTfSmov7:CIk0DwyemtpnFD/c7QUA32bNTFeHDr

Malware Config

Targets

    • Target

      2024-03-22_949be67a831989f517c9e79eb1e3ecfc_karagany_mafia

    • Size

      316KB

    • MD5

      949be67a831989f517c9e79eb1e3ecfc

    • SHA1

      d7316dc85f1c385bc2b821bc3684d08fc7d61714

    • SHA256

      604103b96c216dad182cd03a4010fae314c28e5df85e9409e9fd26e0f22aa2aa

    • SHA512

      cea6ad64db26456d399e10a5b22dccae1b4e46c4a507d8dd50ae5f629545b8f11b6d947b00f42595d78f37475f963a7578abfe20b72451e40effc3ce912fa1e9

    • SSDEEP

      3072:Cb9c6Cbk07hdRhduItP/emDHBNTXn7BS4FI0rzBNZ237Qct7PX432gwbNTfSmov7:CIk0DwyemtpnFD/c7QUA32bNTFeHDr

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects Reflective DLL injection artifacts

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks