General

  • Target

    2024-03-24_72c91899bfa673a7594be72cae51bce7_karagany_mafia

  • Size

    222KB

  • Sample

    240324-npjn6acc92

  • MD5

    72c91899bfa673a7594be72cae51bce7

  • SHA1

    cb92c024f57b9db408a66eccc8d1afc7df60d93c

  • SHA256

    f52a6df331f3ce528f9f5608d3698227831cf7c713f5ea41770a4a90ee223409

  • SHA512

    49621d3f742d8755a83be180f90599ff1843e39e1af7064259bac0018643bbf0429d6477e2afb259a59dc2e77ba8739d85e05951a590ff7407338ce2d018e5a2

  • SSDEEP

    3072:1BbWxYKFDnqvffIj0nStxBN3cwqvcQr3YTfVEPnYbl3/YrDAEioKhAv/:1BkYKZSYYnS1xecmoT2nYbdEKs/

Targets

    • Target

      2024-03-24_72c91899bfa673a7594be72cae51bce7_karagany_mafia

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects Reflective DLL injection artifacts

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
