General

  • Target

    2024-03-23_aa478c31ccadb26dd702706e0f442333_mafia

  • Size

    300KB

  • Sample

    240323-3rhbfaec99

  • MD5

    aa478c31ccadb26dd702706e0f442333

  • SHA1

    8d651632fa3d3cd477712fde971c31764821b210

  • SHA256

    91b09fd6d919270d0802e943dcdf24708f178717eadb986b6c97f64486ea15cc

  • SHA512

    306d1f97c6844d82e32e2cddc981ba514e03fa7e32608c1a5852939ecbc3aa928280ef56a71f7ab5bd8e8f6f96ee6dd8416c55e93e0b8622d6c5ba9ef12ef102

  • SSDEEP

    6144:1vEANMO1UnseVgkV0xwvfxnhLTiusLe1740B:WuM0Unsna5mut40B

Malware Config

Targets

    • Target

      2024-03-23_aa478c31ccadb26dd702706e0f442333_mafia

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects Reflective DLL injection artifacts

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
