General

  • Target

    2024-07-25_b88dd869c6b5147542bdfbeb05d874c8_gandcrab_karagany_metamorfo

  • Size

    137KB

  • Sample

    240725-m8ad6avfmj

  • MD5

    b88dd869c6b5147542bdfbeb05d874c8

  • SHA1

    1aec4704de6bfd5aa9680983262fd9ec7979976f

  • SHA256

    c89a7429eef0c126fd4a6ed53ad8df75107931b10426092f5aea337e01d2840c

  • SHA512

    00675ac278ed840576cfab1c4d3f3b7faf9669868d4cb17a1ec32f2450c1134e5dee6ad0816d33816cecb2066f9ffb1b114ce7715d9ec4a9434a8afdf8c5b88a

  • SSDEEP

    1536:ymFff+GbWDmMAvQmHWlOMDSzWiO5MOYTB6m+GMgp10sWjcdCiIjUA0ZTwy2:ymjbWaMAvx2WSisuB+67CiIjD

Targets

    • Target

      2024-07-25_b88dd869c6b5147542bdfbeb05d874c8_gandcrab_karagany_metamorfo

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Sets desktop wallpaper using registry
