General

  • Target

    2024-04-12_7382106915da1016166e0ce9a2b18eaa_karagany_mafia

  • Size

    425KB

  • Sample

    240412-nm4ljsaa78

  • MD5

    7382106915da1016166e0ce9a2b18eaa

  • SHA1

    57f50469b608cdd54ec9baa3eae63c247d3ec979

  • SHA256

    744a1ec3261450837f8c9b1242e123d2928a5d6c7f6839e22e22319069a16101

  • SHA512

    1c42ad88eaf23edac98cbf786ee14a0cea8d4fb6c8ba4032bdbe52c035e0737ca278270de2b31c7882e5116adf014c5e397b1ed22aed38d10eef2ce36cb83c1a

  • SSDEEP

    6144:NV8WkJntg7zTULdAa7sumOVgibHVyKurXXgENi73LGDJ:N8ntm/U5a/tAArXXLNmKDJ

Targets

    • Target

      2024-04-12_7382106915da1016166e0ce9a2b18eaa_karagany_mafia

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects Reflective DLL injection artifacts

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
