General

  • Target

    2024-03-24_0c5d6c010a57c5c647aa87d2b3162e55_gandcrab

  • Size

    145KB

  • Sample

    240324-pl5mwscg22

  • MD5

    0c5d6c010a57c5c647aa87d2b3162e55

  • SHA1

    98bfd84b9ca738ea7583c8ecad3f4fb3ea53c16c

  • SHA256

    ad15d122fcebba8f1999872b702dc1de74145698040d8eee6568ae2b780c1e71

  • SHA512

    05f71d23a4e7326fc49bcc5ff51c79ea8f9783d7e425e5b5e8a81a8bc577856c6ffff03336ae24f4d9b0336a7b96c127a7d06fa7d66116643bef508f52420fae

  • SSDEEP

    3072:HYHVHd2NCMqqDL2/mr3IdE8we0Avu5r++ygLIaagvdCjRv9OtN:HyOqqDL64vdGREz

Targets

    • Target

      2024-03-24_0c5d6c010a57c5c647aa87d2b3162e55_gandcrab

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
