General

  • Target

    2024-03-23_0304685cccac96392c2359e926501e3f_karagany_mafia

  • Size

    308KB

  • Sample

    240323-3cprzaea34

  • MD5

    0304685cccac96392c2359e926501e3f

  • SHA1

    77bf39658a4f0dd2e82fc5b7f558a5bb72d24ba4

  • SHA256

    4097ce434b5182d63e2cd20a50e754f995e8d5df03c08a067ef1bfeca38ee5cc

  • SHA512

    00729c8bd5d499dbeafe95c44249d6e9adcc5434378a3bacc2386aaf50d267d0d66d7466b1391d54e29e3051e643d66f6148fdc99cd1f812823e1857b9b2dcb8

  • SSDEEP

    6144:FzL7ShWDLVzVNam6GxI29dqG3KdYAYqTuPZp:7DHNam62ZdKmZmuPH

Malware Config

Targets

    • Target

      2024-03-23_0304685cccac96392c2359e926501e3f_karagany_mafia

    • Size

      308KB

    • MD5

      0304685cccac96392c2359e926501e3f

    • SHA1

      77bf39658a4f0dd2e82fc5b7f558a5bb72d24ba4

    • SHA256

      4097ce434b5182d63e2cd20a50e754f995e8d5df03c08a067ef1bfeca38ee5cc

    • SHA512

      00729c8bd5d499dbeafe95c44249d6e9adcc5434378a3bacc2386aaf50d267d0d66d7466b1391d54e29e3051e643d66f6148fdc99cd1f812823e1857b9b2dcb8

    • SSDEEP

      6144:FzL7ShWDLVzVNam6GxI29dqG3KdYAYqTuPZp:7DHNam62ZdKmZmuPH

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects Reflective DLL injection artifacts

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks