General

  • Target

    2024-05-07_9bb560378bd5a300ec38756abd3d8575_mafia

  • Size

    300KB

  • Sample

    240507-yqtkvsfg28

  • MD5

    9bb560378bd5a300ec38756abd3d8575

  • SHA1

    856aeb56dbf0456414d5849e19223dc6c3699a55

  • SHA256

    9e65fc7326de7ef7845f18825497841cbd1857582f16285f768797257109f1eb

  • SHA512

    abf514e2ec521ef1ada895389c8ae997b1ace649ea589082bb03cb0b96b07651251eb8720ec67330dcccf507cb8f43f53df2f7af8166557d6720e5b3bc98c653

  • SSDEEP

    6144:pvEANMO1UnseVgkV0xwvfxnhLTiusLe1740B:6uM0Unsna5mut40B

Malware Config

Targets

    • Target

      2024-05-07_9bb560378bd5a300ec38756abd3d8575_mafia

    • Size

      300KB

    • MD5

      9bb560378bd5a300ec38756abd3d8575

    • SHA1

      856aeb56dbf0456414d5849e19223dc6c3699a55

    • SHA256

      9e65fc7326de7ef7845f18825497841cbd1857582f16285f768797257109f1eb

    • SHA512

      abf514e2ec521ef1ada895389c8ae997b1ace649ea589082bb03cb0b96b07651251eb8720ec67330dcccf507cb8f43f53df2f7af8166557d6720e5b3bc98c653

    • SSDEEP

      6144:pvEANMO1UnseVgkV0xwvfxnhLTiusLe1740B:6uM0Unsna5mut40B

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects Reflective DLL injection artifacts

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks