General

  • Target

    2024-07-10_214c2e3f0bb58b09e29b60f16f3d1a36_gandcrab

  • Size

    77KB

  • Sample

    240710-qp6j2asfne

  • MD5

    214c2e3f0bb58b09e29b60f16f3d1a36

  • SHA1

    5804c85e049e2f4d38db48db904fd67de0d4bfa3

  • SHA256

    9c965b6f79096fddbb391e8713c2fb22b011b95a001efcab6098acecc6abcc13

  • SHA512

    e59b0ae4802ff78a7a46c77052407254906164d448f1155bc59a6db569e3755c38d3996126ea05356e8168897a42d682f8672915923d9f11cacc9c5257e1cfb3

  • SSDEEP

    1536:0gSeGDjnjhnwjyB0yjMqqUM2mr3IdE8mne0Avu5r++yy7CA7GcIaapavdv9:0MSjVneyBbMqqMmr3IdE8we0Avu5r++X

Malware Config

Extracted

Family

gandcrab

C2

http://gdcbghvjyqy7jclk.onion.top/

Targets

    • Target

      2024-07-10_214c2e3f0bb58b09e29b60f16f3d1a36_gandcrab

    • Size

      77KB

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
