General

  • Target

    2024-03-24_6fc70426ed3ea759c471c0c9abd39451_gandcrab

  • Size

    145KB

  • Sample

    240324-ef9dsahd64

  • MD5

    6fc70426ed3ea759c471c0c9abd39451

  • SHA1

    f4a7d2ef860c61b319645b933dcaa38ca2dfef88

  • SHA256

    d4d3cc74d55ebcf8cea96df1092caa66660697b6223a3c765b365a682f9acc42

  • SHA512

    6fe97428128e04ca3a5c920c4ca6fc3076d6fbaf23757d67748ef7f5509eeda9952ca142cb5b599775aa2fce60fe69e66b4eb9843664bbecc9dda4425b22447b

  • SSDEEP

    3072:jYHVHd2NCMqqDL2/mr3IdE8we0Avu5r++ygLIaagvdCjRv9OtN:jyOqqDL64vdGREz

Targets

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
