General

  • Target

    2024-03-24_eb1dd2372c30fd74f4049edb1f182398_karagany_mafia

  • Size

    250KB

  • Sample

    240324-mqqnesca62

  • MD5

    eb1dd2372c30fd74f4049edb1f182398

  • SHA1

    9a539558a45954f88ddf9127682e590d7813cf4c

  • SHA256

    a2fdeab6519ecaa092667cde96fa92e6cf70ca2b0ee786376b6df59229a7986a

  • SHA512

    2806121622054bcf3c9ee4c77195e44ab19f4831cac1a1826be9fcf1a89ebbada8a8a8f8907938f100c87a1c560757941c0d65ce05d3d7c0674ed70726df9a1e

  • SSDEEP

    6144:G+YrOIBjaklexBgiJ8sTSIkIpxIp8mDtfPBRwasxXq:yOCjaklYgVIpxIhDtR

Malware Config

Targets

    • Target

      2024-03-24_eb1dd2372c30fd74f4049edb1f182398_karagany_mafia

    • Size

      250KB

    • MD5

      eb1dd2372c30fd74f4049edb1f182398

    • SHA1

      9a539558a45954f88ddf9127682e590d7813cf4c

    • SHA256

      a2fdeab6519ecaa092667cde96fa92e6cf70ca2b0ee786376b6df59229a7986a

    • SHA512

      2806121622054bcf3c9ee4c77195e44ab19f4831cac1a1826be9fcf1a89ebbada8a8a8f8907938f100c87a1c560757941c0d65ce05d3d7c0674ed70726df9a1e

    • SSDEEP

      6144:G+YrOIBjaklexBgiJ8sTSIkIpxIp8mDtfPBRwasxXq:yOCjaklYgVIpxIhDtR

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects Reflective DLL injection artifacts

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks