General

  • Target

    2024-03-24_c40daabceaec8cba673298140adbf45b_karagany_mafia

  • Size

    308KB

  • Sample

    240324-evhjlshf33

  • MD5

    c40daabceaec8cba673298140adbf45b

  • SHA1

    6f02806aa01a1dc47710836e335053b2feec43c4

  • SHA256

    8685de5cc3099e9644202fe907a18636897f171c2af9b2658d55b3fccce9f764

  • SHA512

    c09ddb4b3afea0eac593dbe69c97f6349f867362eff0bdc9d1c81440439cf85a3c9a709a5c6c9b5499797f1e5df31188497f3d0e822727ac6b4f4d80206f40c0

  • SSDEEP

    6144:WzL7ShWDLVzVNam6GxI29dqG3KdYAYqTuPZp:UDHNam62ZdKmZmuPH

Targets

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects Reflective DLL injection artifacts

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
