General

  • Target

    2024-03-22_d441f71209c6e540d383f986bb3cf6fd_gandcrab

  • Size

    145KB

  • Sample

    240322-q986naef2w

  • MD5

    d441f71209c6e540d383f986bb3cf6fd

  • SHA1

    721495b7c8dabecb37d660fdd55be86fe8df4ea9

  • SHA256

    0ef81ab59de0d9e89c915bd0fb489cf34e6b23d61ce328e989e10b0d3dec877e

  • SHA512

    0fcbdb5b8f6f8b62f0e8ee0d1b4f5647e163b23279756925a71cd3a8b2d94e6adf7a1f0385aefc3f9e8d9adf169dcba7ccaaee0356adf65955461bf6b574c826

  • SSDEEP

    3072:WYHVHd2NCMqqDL2/mr3IdE8we0Avu5r++ygLIaagvdCjRv9OtN:WyOqqDL64vdGREz

Malware Config

Targets

    • Target

      2024-03-22_d441f71209c6e540d383f986bb3cf6fd_gandcrab

    • Size

      145KB

    • MD5

      d441f71209c6e540d383f986bb3cf6fd

    • SHA1

      721495b7c8dabecb37d660fdd55be86fe8df4ea9

    • SHA256

      0ef81ab59de0d9e89c915bd0fb489cf34e6b23d61ce328e989e10b0d3dec877e

    • SHA512

      0fcbdb5b8f6f8b62f0e8ee0d1b4f5647e163b23279756925a71cd3a8b2d94e6adf7a1f0385aefc3f9e8d9adf169dcba7ccaaee0356adf65955461bf6b574c826

    • SSDEEP

      3072:WYHVHd2NCMqqDL2/mr3IdE8we0Avu5r++ygLIaagvdCjRv9OtN:WyOqqDL64vdGREz

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks