General
Target: 2024-07-25_b88dd869c6b5147542bdfbeb05d874c8_gandcrab_karagany_metamorfo
Size: 137KB
Sample: 240725-m8ad6avfmj
MD5: b88dd869c6b5147542bdfbeb05d874c8
SHA1: 1aec4704de6bfd5aa9680983262fd9ec7979976f
SHA256: c89a7429eef0c126fd4a6ed53ad8df75107931b10426092f5aea337e01d2840c
SHA512: 00675ac278ed840576cfab1c4d3f3b7faf9669868d4cb17a1ec32f2450c1134e5dee6ad0816d33816cecb2066f9ffb1b114ce7715d9ec4a9434a8afdf8c5b88a
SSDEEP: 1536:ymFff+GbWDmMAvQmHWlOMDSzWiO5MOYTB6m+GMgp10sWjcdCiIjUA0ZTwy2:ymjbWaMAvx2WSisuB+67CiIjD
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-07-25_b88dd869c6b5147542bdfbeb05d874c8_gandcrab_karagany_metamorfo.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 2024-07-25_b88dd869c6b5147542bdfbeb05d874c8_gandcrab_karagany_metamorfo.exe
  Resource: win10v2004-20240709-en
Malware Config
Targets
Target: 2024-07-25_b88dd869c6b5147542bdfbeb05d874c8_gandcrab_karagany_metamorfo
Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v15
Defense Evasion
  Indicator Removal (1)
    File Deletion (1)
  Modify Registry (2)
  Subvert Trust Controls (1)
    Install Root Certificate (1)