General

  • Target

    2024-05-03_4263ecc3f5efd3059fb6a237ad611e64_gandcrab

  • Size

    145KB

  • Sample

    240503-3d95asbd78

  • MD5

    4263ecc3f5efd3059fb6a237ad611e64

  • SHA1

    c5986d4ce9547034c9ad854fb52b4534d3a7531c

  • SHA256

    e9a79561e25e448fccc69038427f90280287127140b9d6e1f3b33c2895863e3d

  • SHA512

    fbc4beb1f84af838156394f9c4effcc294f2a1416ae1f5e735305c21f367edf7dea13108597192eda1ea2e3f69365dca3c887d526ff917f5e26da357708060c8

  • SSDEEP

    3072:nYHVHd2NCMqqDL2/mr3IdE8we0Avu5r++ygLIaagvdCjRv9OtN:nyOqqDL64vdGREz

Malware Config

Targets

    • Target

      2024-05-03_4263ecc3f5efd3059fb6a237ad611e64_gandcrab

    • Size

      145KB

    • MD5

      4263ecc3f5efd3059fb6a237ad611e64

    • SHA1

      c5986d4ce9547034c9ad854fb52b4534d3a7531c

    • SHA256

      e9a79561e25e448fccc69038427f90280287127140b9d6e1f3b33c2895863e3d

    • SHA512

      fbc4beb1f84af838156394f9c4effcc294f2a1416ae1f5e735305c21f367edf7dea13108597192eda1ea2e3f69365dca3c887d526ff917f5e26da357708060c8

    • SSDEEP

      3072:nYHVHd2NCMqqDL2/mr3IdE8we0Avu5r++ygLIaagvdCjRv9OtN:nyOqqDL64vdGREz

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks