General

  • Target

    2024-03-24_5a74ec2b703bc802b14225d31dfffafd_karagany_mafia

  • Size

    250KB

  • Sample

    240324-rss9jsfh6z

  • MD5

    5a74ec2b703bc802b14225d31dfffafd

  • SHA1

    91dd72284489559a59295af8cf800c606cc652d3

  • SHA256

    d3740c9235bdc074f0ca5a8a54c0f82a1813b7697428912e0c65d5bbbc708f0a

  • SHA512

    b7d37c5fd33dd6023a92a1b524f941fd6122a8dbe43a651452bdf9e173250d0f64e60879739ce9ae9ed9057f22705554ec4aea9fdf1c9faa4dc0ffcd64e4700e

  • SSDEEP

    3072:5/yK5d0Gj0+nY3uEBLvBNfdUR2/qFnB8o2+vU3WuvIBuj00nReaXkuSQ7cdOd3:5/y20Gj0r+EBFrkvlU3RvIUDOIN

Malware Config

Targets

    • Target

      2024-03-24_5a74ec2b703bc802b14225d31dfffafd_karagany_mafia

    • Size

      250KB

    • MD5

      5a74ec2b703bc802b14225d31dfffafd

    • SHA1

      91dd72284489559a59295af8cf800c606cc652d3

    • SHA256

      d3740c9235bdc074f0ca5a8a54c0f82a1813b7697428912e0c65d5bbbc708f0a

    • SHA512

      b7d37c5fd33dd6023a92a1b524f941fd6122a8dbe43a651452bdf9e173250d0f64e60879739ce9ae9ed9057f22705554ec4aea9fdf1c9faa4dc0ffcd64e4700e

    • SSDEEP

      3072:5/yK5d0Gj0+nY3uEBLvBNfdUR2/qFnB8o2+vU3WuvIBuj00nReaXkuSQ7cdOd3:5/y20Gj0r+EBFrkvlU3RvIUDOIN

    • GandCrab payload

    • Gandcrab

      GandCrab is a ransomware family that encrypts files on the infected computer and demands payment for their decryption.

    • Detects Reflective DLL injection artifacts

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive, typically to locate additional volumes whose files can be encrypted.
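
The two behavioural signatures above (Run key persistence and enumeration of non-C: drive roots) can be reproduced as host-side detection logic. The following is an added example, not code from the sandbox or the report; the event records are constructed, and their field names (type, image, target) are an assumption loosely modelled on Sysmon registry and file-access events rather than any particular product's schema.

```python
"""
Added example: flag the two behaviours described by the report's signatures
over a constructed event stream.

  * "Adds Run key to start application"  -> a value written under Run/RunOnce
  * "Enumerates connected drives"        -> reads of a drive root other than C:

Event field names (type / image / target) are an assumption for this example.
"""
import re
from dataclasses import dataclass

# Matches a value set directly under HK*\...\Microsoft\Windows\CurrentVersion\Run,
# RunOnce, RunEx or RunOnceEx (any hive prefix, case-insensitive).
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(?:Run|RunOnce)(?:Ex)?\\[^\\]+$",
    re.IGNORECASE,
)
# Matches a bare drive root such as "D:\" or "\\?\E:\"; the letter is captured.
DRIVE_ROOT_RE = re.compile(r"^(?:\\\\\?\\)?([A-Za-z]):\\?$")


@dataclass
class Finding:
    signature: str   # signature name as the report phrases it
    process: str     # image path of the offending process
    evidence: str    # registry path or list of drive roots touched


def detect_run_key(event):
    """Return a Finding if this event writes a Run/RunOnce autostart value."""
    if event.get("type") != "registry_set":
        return None
    if RUN_KEY_RE.search(event.get("target", "")):
        return Finding("Adds Run key to start application",
                       event["image"], event["target"])
    return None


def scan(events):
    """Run both detections over an event list and return all findings."""
    findings = []
    drives_by_process = {}
    for ev in events:
        hit = detect_run_key(ev)
        if hit:
            findings.append(hit)
        if ev.get("type") == "file_read":
            m = DRIVE_ROOT_RE.match(ev.get("target", ""))
            # The signature explicitly excludes the default C: drive.
            if m and m.group(1).upper() != "C":
                drives_by_process.setdefault(ev["image"], set()).add(m.group(1).upper())
    for image, drives in drives_by_process.items():
        evidence = ", ".join(sorted(d + ":" for d in drives))
        findings.append(Finding("Enumerates connected drives", image, evidence))
    return findings


# Constructed sample telemetry (hypothetical paths and SID; not from the report).
SAMPLE = "C:\\Users\\victim\\AppData\\Roaming\\sample.exe"
EXPLORER = "C:\\Windows\\explorer.exe"
SAMPLE_EVENTS = [
    {"type": "registry_set", "image": SAMPLE,
     "target": "HKU\\S-1-5-21-1111111111-2222222222-3333333333-1001"
               "\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\sample"},
    {"type": "file_read", "image": SAMPLE, "target": "C:\\"},
    {"type": "file_read", "image": SAMPLE, "target": "D:\\"},
    {"type": "file_read", "image": SAMPLE, "target": "\\\\?\\E:\\"},
    # Benign activity that must not trigger either signature.
    {"type": "registry_set", "image": EXPLORER,
     "target": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion"
               "\\Explorer\\Advanced\\Hidden"},
    {"type": "file_read", "image": EXPLORER, "target": "C:\\"},
    {"type": "file_read", "image": EXPLORER,
     "target": "C:\\Users\\victim\\Documents\\report.docx"},
]


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f.signature:<40} {f.process}  [{f.evidence}]")
```

The drive check is keyed per process so that a single run over the stream yields one finding listing every non-C: root a process touched, which is closer to how a sandbox reports the signature than one alert per read; in production telemetry the Run key pattern should additionally be paired with the written value (the command line) so the persisted executable can be collected.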

MITRE ATT&CK Enterprise v15

Tasks