General

  • Target

    2024-04-12_6d672cbe61281a1bffa9bb4e5993963a_karagany_mafia

  • Size

    308KB

  • Sample

    240412-nmpsdsda9w

  • MD5

    6d672cbe61281a1bffa9bb4e5993963a

  • SHA1

    47c71829336ff4f58a1f6c1a1acfba41d4cdff2a

  • SHA256

    ea5aea1ce722bd25b9ef22f4dbd26ee8aee52c202ee35f4aeba1073c86d8a86a

  • SHA512

    f23f5226817fb01ec887b4b75b007286d9d17ed61bb234460cc8bc84b4b2c72cba9168c8fcc853833d8d406c33c26173b1247c2c1587327c1db2c390580e5c81

  • SSDEEP

    6144:EzL7ShWDLVzVNam6GxI29dqG3KdYAYqTuPZp:SDHNam62ZdKmZmuPH

Targets

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects Reflective DLL injection artifacts

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
