General

  • Target

    2024-05-03_191ac7821913d592725969e28f816574_bkransomware_karagany_metamorfo

  • Size

    180KB

  • Sample

    240503-p9r2psba79

  • MD5

    191ac7821913d592725969e28f816574

  • SHA1

    26fbe8a05531693dd9eea6cf86c5093a841e66c3

  • SHA256

    3be651d03f57ce5102d1e4a9905b28b9191da3287936346a70e05d8c88d82040

  • SHA512

    75742cfa856f30b531088b03578b91be8fa6a11cbe9e1ca03282b5c1aa008d8843a8bd4dfe6d0f2ef7cdab717022066cb4b02df27de2b6683950cebe12ad3f36

  • SSDEEP

    3072:fgzlmnQjGjtA77nRw3u04PbvZDV/y9afXqTXnCBNcESnrbieOVL5:fi777Rw2hpy9afajnCBwrbTO9

Malware Config

Targets

    • Target

      2024-05-03_191ac7821913d592725969e28f816574_bkransomware_karagany_metamorfo

    • Size

      180KB

    • MD5

      191ac7821913d592725969e28f816574

    • SHA1

      26fbe8a05531693dd9eea6cf86c5093a841e66c3

    • SHA256

      3be651d03f57ce5102d1e4a9905b28b9191da3287936346a70e05d8c88d82040

    • SHA512

      75742cfa856f30b531088b03578b91be8fa6a11cbe9e1ca03282b5c1aa008d8843a8bd4dfe6d0f2ef7cdab717022066cb4b02df27de2b6683950cebe12ad3f36

    • SSDEEP

      3072:fgzlmnQjGjtA77nRw3u04PbvZDV/y9afXqTXnCBNcESnrbieOVL5:fi777Rw2hpy9afajnCBwrbTO9

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks