General

  • Target

    2024-04-11_3510e6f21d46f55a89d95c236c7dc0d0_gandcrab

  • Size

    145KB

  • Sample

    240411-jkahgaeh76

  • MD5

    3510e6f21d46f55a89d95c236c7dc0d0

  • SHA1

    032300f7012f3c091b67b5f21c90111d5563ce54

  • SHA256

    7ef0eba558dd62d76cb9849dfb9e0f5f6cf63e4e6aa177b676c5f9d94ba8ba74

  • SHA512

    8fe7722dfbb1b5affb694e6dfa7d41c211c50367b628868d0e6f82fefb62111c3dcf403985c5ff2ba7fc2b00c6f720eb3f242fa7a0cb5acfd56d7c9f777f3f8d

  • SSDEEP

    3072:DYHVHd2NCMqqDL2/mr3IdE8we0Avu5r++ygLIaagvdCjRv9OtN:DyOqqDL64vdGREz

Malware Config

Targets

    • Target

      2024-04-11_3510e6f21d46f55a89d95c236c7dc0d0_gandcrab

    • Size

      145KB

    • MD5

      3510e6f21d46f55a89d95c236c7dc0d0

    • SHA1

      032300f7012f3c091b67b5f21c90111d5563ce54

    • SHA256

      7ef0eba558dd62d76cb9849dfb9e0f5f6cf63e4e6aa177b676c5f9d94ba8ba74

    • SHA512

      8fe7722dfbb1b5affb694e6dfa7d41c211c50367b628868d0e6f82fefb62111c3dcf403985c5ff2ba7fc2b00c6f720eb3f242fa7a0cb5acfd56d7c9f777f3f8d

    • SSDEEP

      3072:DYHVHd2NCMqqDL2/mr3IdE8we0Avu5r++ygLIaagvdCjRv9OtN:DyOqqDL64vdGREz

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks