General

  • Target

    2024-03-24_cf9d9b77e54454b72e5a256d2991682a_mafia

  • Size

    316KB

  • Sample

    240324-hpd6sadc6t

  • MD5

    cf9d9b77e54454b72e5a256d2991682a

  • SHA1

    c8da50f27ae20954a3a3042fb85d90d2fe5df4b5

  • SHA256

    f75bc7022fea1ee8747c049cc71b9106abbd6745817d4d08db08230a88379fd4

  • SHA512

    fa949ce4408cdaa70764299ae7913383bca72379f0f5d6d6c548d706d5a6337abf5068d656236bf3b4c970df92f44446dbfe995fb9e0b4289f55e7ee4613d48c

  • SSDEEP

    6144:UvExNMO1UnseVgkV0xwvfxnhLTiusLe1740/:DTM0Unsna5mut40/

Malware Config

Targets

    • Target

      2024-03-24_cf9d9b77e54454b72e5a256d2991682a_mafia

    • Size

      316KB

    • MD5

      cf9d9b77e54454b72e5a256d2991682a

    • SHA1

      c8da50f27ae20954a3a3042fb85d90d2fe5df4b5

    • SHA256

      f75bc7022fea1ee8747c049cc71b9106abbd6745817d4d08db08230a88379fd4

    • SHA512

      fa949ce4408cdaa70764299ae7913383bca72379f0f5d6d6c548d706d5a6337abf5068d656236bf3b4c970df92f44446dbfe995fb9e0b4289f55e7ee4613d48c

    • SSDEEP

      6144:UvExNMO1UnseVgkV0xwvfxnhLTiusLe1740/:DTM0Unsna5mut40/

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects Reflective DLL injection artifacts

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks