General

  • Target

    2024-07-10_a7c8500f2a73c590bb62e5fddd3e82c1_gandcrab

  • Size

    77KB

  • Sample

    240710-rwa75svhpb

  • MD5

    a7c8500f2a73c590bb62e5fddd3e82c1

  • SHA1

    a0a71dc23701f9d2cb7d3e0e1c50c0369fd607b0

  • SHA256

    652c66c97858aff3defed01b44b3adc9798d067f381d4b35f01a111c35bc6353

  • SHA512

    28a095b4762197dca4622b26639372b0d92cf7e2dedc696c026fe75173c22c6e4e226dce0388a9314869ca3bb72e403982090446c8233baa43de6306c34df88b

  • SSDEEP

    1536:YgSeGDjnjhnwjyB0yjMqqUM2mr3IdE8mne0Avu5r++yy7CA7GcIaapavdv9:YMSjVneyBbMqqMmr3IdE8we0Avu5r++X

Malware Config

Extracted

Family

gandcrab

C2

http://gdcbghvjyqy7jclk.onion.top/

Targets

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
