General

  • Target

    2024-03-24_c8d13f1c8afbe4f64f2b1d6bfef00342_karagany_mafia

  • Size

    250KB

  • Sample

    240324-cby15saf7v

  • MD5

    c8d13f1c8afbe4f64f2b1d6bfef00342

  • SHA1

    20f9b20da9ffc11eb18ddfb08d51e98500fcf4ad

  • SHA256

    c32549f2b3140ab8637afefe3e5b8f2db5b1a47455f77e2a7b68a834a3f8c6bf

  • SHA512

    f262d2640ea60890566dd4c4ef0a1be01ffd395de7f8006b3c4787ed28d0da6ebb17557c5e78b55902a4dcab52324ffbc820836f63eb6ba86c6668cd1f9de6e2

  • SSDEEP

    3072:U/yK5d0Gj0+nY3uEBLvBNfdUR2/qFnB8o2+vU3WuvIBuj00nReaXkuSQ7cdOd3:U/y20Gj0r+EBFrkvlU3RvIUDOIN

Malware Config

Targets

    • Target

      2024-03-24_c8d13f1c8afbe4f64f2b1d6bfef00342_karagany_mafia

    • Size

      250KB

    • MD5

      c8d13f1c8afbe4f64f2b1d6bfef00342

    • SHA1

      20f9b20da9ffc11eb18ddfb08d51e98500fcf4ad

    • SHA256

      c32549f2b3140ab8637afefe3e5b8f2db5b1a47455f77e2a7b68a834a3f8c6bf

    • SHA512

      f262d2640ea60890566dd4c4ef0a1be01ffd395de7f8006b3c4787ed28d0da6ebb17557c5e78b55902a4dcab52324ffbc820836f63eb6ba86c6668cd1f9de6e2

    • SSDEEP

      3072:U/yK5d0Gj0+nY3uEBLvBNfdUR2/qFnB8o2+vU3WuvIBuj00nReaXkuSQ7cdOd3:U/y20Gj0r+EBFrkvlU3RvIUDOIN

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects Reflective DLL injection artifacts

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks