General

  • Target

    2024-03-24_53ffa559635252ea17fdf33b1f617053_karagany_mafia

  • Size

    250KB

  • Sample

    240324-jfabxaah53

  • MD5

    53ffa559635252ea17fdf33b1f617053

  • SHA1

    776cd762b9ff1ce8112fbdb23bb3e2d602497991

  • SHA256

    5acbeed7d9135feacec7c521b926e8e0a738b8d5d08fccd04078e49e9a0fe9c3

  • SHA512

    df4fa35160d9db23b8531e59d7c3a00049114da289fe2de680ee9b323873a1645899ad23e8c31f72aec9a772cb82ca4c5f82ed00cdc6ed440d4f4f02314204b6

  • SSDEEP

    3072:H/yK5d0Gj0+nY3uEBLvBNfdUR2/qFnB8o2+vU3WuvIBuj00nReaXkuSQ7cdOd3:H/y20Gj0r+EBFrkvlU3RvIUDOIN

Targets

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects Reflective DLL injection artifacts

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
