General

  • Target

    2024-07-10_3fa8f25ee1757739097922745c98a775_gandcrab

  • Size

    77KB

  • Sample

    240710-g663fstepg

  • MD5

    3fa8f25ee1757739097922745c98a775

  • SHA1

    8ec0c421745fd6f3ac36ce7951260ed6c4a2399c

  • SHA256

    3b5a76192a1f73b0ddcb70d483606749ca7971f2626a6bd016eb68cede088461

  • SHA512

    6cf29c30cdaff5a2c0817fdc10d6dec0fa8928460986cb60e67904dc1a4aef4feaf28d2d13ba315b7773a1d6b8c57027ec8f2bb8592e8942419029e1f5db45e2

  • SSDEEP

    1536:kgSeGDjnjhnwjyB0yjMqqUM2mr3IdE8mne0Avu5r++yy7CA7GcIaapavdv9:kMSjVneyBbMqqMmr3IdE8we0Avu5r++X

Malware Config

Extracted

Family

gandcrab

C2

http://gdcbghvjyqy7jclk.onion.top/

Targets

    • Target

      2024-07-10_3fa8f25ee1757739097922745c98a775_gandcrab

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
