General

  • Target: 5a1dabd7560cb524a9e7e209cffd7efa342b285bc1e8e14112065157706e6bfd
  • Size: 32KB
  • Sample: 240529-1v6r4acb89
  • MD5: e16fceafd07ccb1cdaee78bcc3c8a1c0
  • SHA1: be5fc9212cd979208fd5798b4f79fd464800c9e3
  • SHA256: 5a1dabd7560cb524a9e7e209cffd7efa342b285bc1e8e14112065157706e6bfd
  • SHA512: 51c71194b6c50799d97120cf86b5c803b9c078b368cfe5166f51e85504151b364781fb552f7b058e168327170050edd7ea3b03a273ea330b193256e8266ca72f
  • SSDEEP: 384:W0sQTPDAY1lIqNOzA/PfYGVgSHtnJUQoJC8YBTY7i7+iKhGe/ZRo9B1RmCane0QZ:hDDAYYA/oGVgmUQoJkFi9hGYa9BSxtBw

Targets

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects Reflective DLL injection artifacts

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence
      T1547 Boot or Logon Autostart Execution (1)
      T1547.001 Registry Run Keys / Startup Folder (1)
  • Privilege Escalation
      T1547 Boot or Logon Autostart Execution (1)
      T1547.001 Registry Run Keys / Startup Folder (1)
  • Defense Evasion
      T1112 Modify Registry (1)
  • Discovery
      T1012 Query Registry (2)
      T1120 Peripheral Device Discovery (1)
      T1082 System Information Discovery (2)