General

Target: 2024-07-25_ac439c5a39a815402d807c989ecc7a6d_gandcrab_karagany_metamorfo
Size: 137KB
Sample: 240725-m6921aveqp
MD5: ac439c5a39a815402d807c989ecc7a6d
SHA1: 859fa92674ee5551986b5ca86f48bd0454514354
SHA256: 3d967cb5197fb3fdfd57c1b6832c2445cee711021a723ae497465b5945a1a2de
SHA512: 31ba3e5a1ce7a00928beb531b8c56d0039d87d1dca3444a1941b0900d5a42be95a17a3bf3092b466769d38db5957d76e647bb3fc9f100941ad98eb0924a95957
SSDEEP: 1536:ymFff+GbWDmMAvQmHWlOMDSzWiO5MOYTB6m+GCgp10sWjcdCiIjUA0ZTwy2:ymjbWaMAvx2WSisuBY67CiIjD
Static task: static1

Behavioral task: behavioral1
Sample: 2024-07-25_ac439c5a39a815402d807c989ecc7a6d_gandcrab_karagany_metamorfo.exe
Resource: win7-20240704-en

Behavioral task: behavioral2
Sample: 2024-07-25_ac439c5a39a815402d807c989ecc7a6d_gandcrab_karagany_metamorfo.exe
Resource: win10v2004-20240709-en
Malware Config

Targets
- Deletes shadow copies: Ransomware often targets backup files to inhibit system recovery.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v15

Defense Evasion
- Indicator Removal (1)
  - File Deletion (1)
- Modify Registry (2)
- Subvert Trust Controls (1)
  - Install Root Certificate (1)