General

  • Target

    2024-03-24_baec4efdd78adfa12238f186e93924ba_karagany_mafia

  • Size

    308KB

  • Sample

    240324-jnvyksba52

  • MD5

    baec4efdd78adfa12238f186e93924ba

  • SHA1

    d58fd5aba330bc81297cd68e10c6323b8fb685e4

  • SHA256

    d127717ee5b0899b12703c0a444b06a456361e4d761eca3bf5a59b1ac6e6e1f0

  • SHA512

    38c8b897c87e5ed894baf0cb6a7c1a35dcc07e8769d286cd5ae99531d0aac7473c804d1f2ff034b7874fb316ff6042ae7d9e9540878da86c7e54ff7efc33d754

  • SSDEEP

    6144:vzL7ShWDLVzVNam6GxI29dqG3KdYAYqTuPZp:FDHNam62ZdKmZmuPH

Targets

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects Reflective DLL injection artifacts

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
