General

  • Target

    2024-03-24_8a7578e520adb8ec68637194ec479bd7_magniber

  • Size

    277KB

  • Sample

    240324-elk85she28

  • MD5

    8a7578e520adb8ec68637194ec479bd7

  • SHA1

    d926678d157efe6943fce7cd1897cc9fd91fa78d

  • SHA256

    6baa43edac08fda5d9b64245b85aaae0ce1a8a87f6994d8f0622f11d3140d2f3

  • SHA512

    14afe91849d877cb2224b6d6375f48ac470ba10ef22fb7c6c9d15b1d3fdf8f90a130959af1d9441bb36185e53433385893eb22360771e89bc0fd734e818ba7ec

  • SSDEEP

    6144:33nHPDm0jLAu6Y5jEw564aoJxmhuw1AFkHK/:Hvbjf6YNFehQwo

Malware Config

Targets

    • Target

      2024-03-24_8a7578e520adb8ec68637194ec479bd7_magniber

    • Size

      277KB

    • MD5

      8a7578e520adb8ec68637194ec479bd7

    • SHA1

      d926678d157efe6943fce7cd1897cc9fd91fa78d

    • SHA256

      6baa43edac08fda5d9b64245b85aaae0ce1a8a87f6994d8f0622f11d3140d2f3

    • SHA512

      14afe91849d877cb2224b6d6375f48ac470ba10ef22fb7c6c9d15b1d3fdf8f90a130959af1d9441bb36185e53433385893eb22360771e89bc0fd734e818ba7ec

    • SSDEEP

      6144:33nHPDm0jLAu6Y5jEw564aoJxmhuw1AFkHK/:Hvbjf6YNFehQwo

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects Reflective DLL injection artifacts

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks