General

  • Target

    2024-03-24_cefa09f1cd3e0c5769daa8f61e50ab03_gandcrab

  • Size

    145KB

  • Sample

    240324-gn6zqsac68

  • MD5

    cefa09f1cd3e0c5769daa8f61e50ab03

  • SHA1

    8ddbb050794bbafe9582a235f9c37bf38ca3518c

  • SHA256

    46feaaeb9987ea13a0d9babefaea0af71b076ab9e5a05ae762da64c2bf7b91d6

  • SHA512

    3df4a6c3aafb6f41cab795ae4a5ec52ce63c5d8dbe52049a439e00ba49003b8d988d09dc7cb2dd615067bb8a5a30fd161628d97df845f356c2355251fad59ec9

  • SSDEEP

    3072:lYHVHd2NCMqqDL2/mr3IdE8we0Avu5r++ygLIaagvdCjRv9OtN:lyOqqDL64vdGREz

Malware Config

Targets

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks