General

  • Target

    2024-05-07_81c05310fcbdf3581c39ae1fec170ad0_gandcrab

  • Size

    145KB

  • Sample

    240507-bzjexsfd93

  • MD5

    81c05310fcbdf3581c39ae1fec170ad0

  • SHA1

    d7a57eb579a2bbdbab08d9bfb76ce960888a298e

  • SHA256

    821409d6a7bef9bb50f669a92c9e9ba3cdf384bb94639ba4c67f5243051bca33

  • SHA512

    aa8f02d47947bffc0e8613748b067c6cc3b6692d3664facff3b3e4b11b1753fc37bd1ff097d8cf96f7ba0bfac6f8b7a46a577fad5d3bd81ccb1c420e79063139

  • SSDEEP

    3072:iYHVHd2NCMqqDL2/mr3IdE8we0Avu5r++ygLIaagvdCjRv9OtN:iyOqqDL64vdGREz

Targets

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
