General

  • Target

    2024-04-10_33eb8bc4de65f4bef0ccb3fdc069e4c7_karagany_mafia

  • Size

    308KB

  • Sample

    240410-nlyc5shb7x

  • MD5

    33eb8bc4de65f4bef0ccb3fdc069e4c7

  • SHA1

    74d04a87f536f428c652a4e4fe69c8898cddaf34

  • SHA256

    1884c11162e22cb51d86aea00989f1e2a1797082bfe24101b33cf717e4a6c7e9

  • SHA512

    9bf294536703e61b6acedd66b46d5691908f664c33f93e083d3a843f21b5dfa34c27806e00d1bef7eb715e8b2becb5d05ed38d13d1370e4a27b7057f65c95614

  • SSDEEP

    6144:szL7ShWDLVzVNam6GxI29dqG3KdYAYqTuPZp:6DHNam62ZdKmZmuPH

Malware Config

Targets

    • Target

      2024-04-10_33eb8bc4de65f4bef0ccb3fdc069e4c7_karagany_mafia

    • Size

      308KB

    • MD5

      33eb8bc4de65f4bef0ccb3fdc069e4c7

    • SHA1

      74d04a87f536f428c652a4e4fe69c8898cddaf34

    • SHA256

      1884c11162e22cb51d86aea00989f1e2a1797082bfe24101b33cf717e4a6c7e9

    • SHA512

      9bf294536703e61b6acedd66b46d5691908f664c33f93e083d3a843f21b5dfa34c27806e00d1bef7eb715e8b2becb5d05ed38d13d1370e4a27b7057f65c95614

    • SSDEEP

      6144:szL7ShWDLVzVNam6GxI29dqG3KdYAYqTuPZp:6DHNam62ZdKmZmuPH

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects Reflective DLL injection artifacts

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks