General

  • Target

    2024-04-11_2db06354efbab9693ba3178712df5694_karagany_mafia

  • Size

    378KB

  • Sample

    240411-sw34lahe6x

  • MD5

    2db06354efbab9693ba3178712df5694

  • SHA1

    0b69c8837309835c461d667fff61b0bc58da776b

  • SHA256

    656f37246f76f431682459e6fc09c06df5ceecd9c5a8818416053542f7f98a16

  • SHA512

    c692523829a3274ca2768e5f2d63bede3b0006c9eb23b04f4ea272e6ade1d052f9f6e9af2e9725ccec16bfd4e07174a6b3dc2d34fdcf22bd973a99b87b849bc0

  • SSDEEP

    3072:S/yK5d2Gl0+nY3uEBLvBNfdUR2/qFnB8o2+vU3WuvIBuj00nReaXkuSQ7cdOdW:S/y22Gl0r+EBFrkvlU3RvIUDOIY

Targets

    • Target

      2024-04-11_2db06354efbab9693ba3178712df5694_karagany_mafia

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects Reflective DLL injection artifacts

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
