General
-
Target
2024-03-29_d0cc74d54a208073ff298ba147171b15_karagany_mafia
-
Size
308KB
-
Sample
240329-1q7tlaaf71
-
MD5
d0cc74d54a208073ff298ba147171b15
-
SHA1
74dd060d842852b34d8bef833967b98a064bfce7
-
SHA256
cfec01a5f4fc8c4fe47ca844630b45008993867c8dc831c8647e6dbbdea29ca1
-
SHA512
94d95ebf06c3674fd1983ac4f7ae7d55363dc1182db5699fc31fc2f06ab87b1c23d184bf8718ee0f43f790a009edeb228346546db81ba5a5f86795553e2bad39
-
SSDEEP
6144:kZ5fh1s4mex2OO8bAiZ0YDChe8UN5alW6jx+n:w5frs4f2OOm/Ao8UNglGn
Static task
static1
Behavioral task
behavioral1
Sample
2024-03-29_d0cc74d54a208073ff298ba147171b15_karagany_mafia.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-03-29_d0cc74d54a208073ff298ba147171b15_karagany_mafia.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
2024-03-29_d0cc74d54a208073ff298ba147171b15_karagany_mafia
-
Score
10/10
-
GandCrab payload
-
Detects Reflective DLL injection artifacts
-
Detects ransomware indicator
-
Gandcrab Payload
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-