General

  • Target

    2024-05-04_fbb38fde1603f358b7e8464f37713f7f_karagany_mafia

  • Size

    308KB

  • Sample

    240504-ebg4qsfd42

  • MD5

    fbb38fde1603f358b7e8464f37713f7f

  • SHA1

    6b03c6542e7b00f98cb8c00ffdc9ad8d2144c780

  • SHA256

    59dc6e3705e8c1d76f99469bdd4ca41eb3aa1e74888d67dc8eef97d06facf0fd

  • SHA512

    a7ebd2a8bff66b79c0cf810a1edb64b1e2033aa58161f5e12ccea687a1bb1ccc6e96ae265937b5be2d10b9d05154d3a489fd8f3430334f171cc201bbaac916ad

  • SSDEEP

    6144:JzL7ShWDLVzVNam6GxI29dqG3KdYAYqTuPZp:XDHNam62ZdKmZmuPH

Malware Config

Targets

    • Target

      2024-05-04_fbb38fde1603f358b7e8464f37713f7f_karagany_mafia

    • Size

      308KB

    • MD5

      fbb38fde1603f358b7e8464f37713f7f

    • SHA1

      6b03c6542e7b00f98cb8c00ffdc9ad8d2144c780

    • SHA256

      59dc6e3705e8c1d76f99469bdd4ca41eb3aa1e74888d67dc8eef97d06facf0fd

    • SHA512

      a7ebd2a8bff66b79c0cf810a1edb64b1e2033aa58161f5e12ccea687a1bb1ccc6e96ae265937b5be2d10b9d05154d3a489fd8f3430334f171cc201bbaac916ad

    • SSDEEP

      6144:JzL7ShWDLVzVNam6GxI29dqG3KdYAYqTuPZp:XDHNam62ZdKmZmuPH

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects Reflective DLL injection artifacts

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks