General

  • Target

    2024-07-25_ac439c5a39a815402d807c989ecc7a6d_gandcrab_karagany_metamorfo

  • Size

    137KB

  • Sample

    240725-m6921aveqp

  • MD5

    ac439c5a39a815402d807c989ecc7a6d

  • SHA1

    859fa92674ee5551986b5ca86f48bd0454514354

  • SHA256

    3d967cb5197fb3fdfd57c1b6832c2445cee711021a723ae497465b5945a1a2de

  • SHA512

    31ba3e5a1ce7a00928beb531b8c56d0039d87d1dca3444a1941b0900d5a42be95a17a3bf3092b466769d38db5957d76e647bb3fc9f100941ad98eb0924a95957

  • SSDEEP

    1536:ymFff+GbWDmMAvQmHWlOMDSzWiO5MOYTB6m+GCgp10sWjcdCiIjUA0ZTwy2:ymjbWaMAvx2WSisuBY67CiIjD

Malware Config

Targets

    • Target

      2024-07-25_ac439c5a39a815402d807c989ecc7a6d_gandcrab_karagany_metamorfo

    • Gandcrab

      GandCrab is a ransomware family (sold as ransomware-as-a-service in 2018 and 2019) that encrypts files on the victim's computer and demands payment for the decryption key.

    • Deletes shadow copies

      Removes Volume Shadow Copies (typically via vssadmin, wmic shadowcopy, or the VSS COM API) so the victim cannot restore files from local snapshots; this is ATT&CK T1490, Inhibit System Recovery.

    • Checks computer location settings

      Reads the country/region code stored under HKCU\Control Panel\International (the Geo\Nation value), most likely as a geofence so the sample skips systems in excluded countries.

    • Enumerates connected drives

      Attempts to read the root path of fixed drives other than the default C: drive, the usual precursor to encrypting files on every mounted volume rather than the system drive alone.

    • Sets desktop wallpaper using registry

      Writes the Wallpaper value under HKCU\Control Panel\Desktop, the common way ransomware replaces the desktop background with its ransom note.
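
The "Deletes shadow copies" and "Sets desktop wallpaper using registry" signatures above are the two behaviours most worth alerting on in an endpoint telemetry pipeline. The following is an added example (not part of the sandbox report and not the sample's own code) of the detection logic a defender would run over process-creation events such as Sysmon Event ID 1. The events, field names (pid, image, cmdline) and rule names are constructed for illustration; the command lines mirror textbook T1490 and T1491.001 activity, and the last two events are benign controls that must not fire.

```python
import re
from typing import Dict, List

# Constructed process-creation events (Sysmon Event ID 1 style); not taken
# from the report above. The first four are the behaviours we want to catch,
# the last two are benign controls (a read-only VSS query, a backup agent).
SAMPLE_EVENTS = [
    {"pid": 4120, "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin.exe Delete Shadows /All /Quiet"},
    {"pid": 4131, "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic shadowcopy delete"},
    {"pid": 4140, "image": r"C:\Windows\System32\bcdedit.exe",
     "cmdline": "bcdedit /set {default} recoveryenabled No"},
    {"pid": 4152, "image": r"C:\Windows\System32\reg.exe",
     "cmdline": r'reg add "HKCU\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d C:\Users\Public\note.bmp /f'},
    {"pid": 4160, "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin.exe List Shadows"},
    {"pid": 4177, "image": r"C:\Program Files\Backup\agent.exe",
     "cmdline": "agent.exe --snapshot --retain 30"},
]

# Each rule requires the destructive verb, not just the tool name, so that
# routine administration (e.g. "vssadmin List Shadows") does not alert.
RULES = [
    ("T1490 shadow copy deletion (vssadmin)",
     re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\b.*\bshadows\b", re.I)),
    ("T1490 shadow copy deletion (wmic)",
     re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I)),
    ("T1490 recovery disabled (bcdedit)",
     re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\b\s+(no|0)\b", re.I)),
    ("T1490 backup catalog deletion (wbadmin)",
     re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\b.*\bcatalog\b", re.I)),
    ("T1491.001 wallpaper set via registry",
     re.compile(r"control panel\\desktop.*\bwallpaper\b", re.I)),
]


def classify(event: Dict[str, object]) -> List[str]:
    """Return the names of every rule whose pattern matches the command line."""
    cmdline = str(event["cmdline"])
    return [name for name, pattern in RULES if pattern.search(cmdline)]


def scan(events: List[Dict[str, object]]) -> Dict[int, List[str]]:
    """Map pid -> matched rule names for every event that hits at least one rule."""
    hits: Dict[int, List[str]] = {}
    for event in events:
        matched = classify(event)
        if matched:
            hits[int(event["pid"])] = matched
    return hits


if __name__ == "__main__":
    for pid, rules in scan(SAMPLE_EVENTS).items():
        print(f"pid {pid}: {', '.join(rules)}")
```

In production the same rules would be fed from an EDR or Sysmon stream rather than a list literal; the point is that matching on the destructive verb together with the tool name keeps the read-only VSS query and the legitimate backup agent out of the alert queue, while the ransom-note wallpaper write is caught by its registry path alone.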

MITRE ATT&CK Enterprise v15

Tasks