General
Target: 2024-07-25_e0e182cdddcc3a42354f2e7c7ed76c3c_gandcrab_karagany_metamorfo
Size: 137KB
Sample: 240725-nhcl9syfmf
MD5: e0e182cdddcc3a42354f2e7c7ed76c3c
SHA1: 1d1b62f4a3129afc6c863219e471d6355bd1193c
SHA256: d078d35df1daa36dfd2f43aab1e0b20ea0a526df613718e9bb26fc3ee6167067
SHA512: ba3df5cf94e8a07d052e2a55117dc215f95dfd7550f084c4f19df8d3966988dc506dee3216b8f2ec6339936963bb2b119bf50c4e3949af0361294b61a8d0b45b
SSDEEP: 1536:ymFff+GbWDmMAvQmHWlOMDSzWiO5MOYTB6m+GhJgp10sWjcdCiIjUA0ZTwy2:ymjbWaMAvx2WSisuBDJ67CiIjD
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-07-25_e0e182cdddcc3a42354f2e7c7ed76c3c_gandcrab_karagany_metamorfo.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 2024-07-25_e0e182cdddcc3a42354f2e7c7ed76c3c_gandcrab_karagany_metamorfo.exe
  Resource: win10v2004-20240709-en
Malware Config
Targets
Target: 2024-07-25_e0e182cdddcc3a42354f2e7c7ed76c3c_gandcrab_karagany_metamorfo (137KB; hashes as listed under General)
- Deletes shadow copies: ransomware often targets backup files to inhibit system recovery.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry.
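The four behavioral signatures above are heuristics over the sample's process, registry and file activity. As an added example (not the sandbox's own signature code and not taken from this report), the following Python matches those four behaviors against a constructed sandbox trace. The event format and every event in TRACE are invented for the example; the shadow-copy command-line idioms and the HKCU\Control Panel\Desktop\Wallpaper value are standard, while HKCU\Control Panel\International\Geo\Nation is assumed to be the "country code configured in the registry" that the location signature means. The ATT&CK mapping in ATTACK is the editor's; the report's own table below lists only Defense Evasion techniques.

```python
"""Toy behavioural-signature matcher modelled on the four sandbox signatures in
the report.  Added example: the event format and the trace are constructed."""
import re
from collections import defaultdict

# Constructed trace.  Assumed generic shape: every event has "type" and "pid";
# the remaining fields depend on the type.  Written by hand for this example.
TRACE = [
    {"type": "process", "pid": 1234, "image": "C:\\Users\\admin\\sample.exe",
     "cmdline": "C:\\Users\\admin\\sample.exe"},
    # Geofence check: assumption that the signature reads the GeoID stored in
    # HKCU\Control Panel\International\Geo\Nation.
    {"type": "regquery", "pid": 1234,
     "key": "HKCU\\Control Panel\\International\\Geo", "value": "Nation"},
    {"type": "fileopen", "pid": 1234, "path": "C:\\"},
    {"type": "fileopen", "pid": 1234, "path": "D:\\"},
    {"type": "fileopen", "pid": 1234, "path": "E:\\"},
    {"type": "fileopen", "pid": 1234, "path": "C:\\Users\\admin\\Documents"},
    {"type": "process", "pid": 1300, "image": "C:\\Windows\\System32\\cmd.exe",
     "cmdline": "cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete"},
    {"type": "regset", "pid": 1234, "key": "HKCU\\Control Panel\\Desktop",
     "value": "Wallpaper", "data": "C:\\Users\\admin\\AppData\\Local\\Temp\\note.bmp"},
    # Unrelated registry write that must not fire any of the four signatures.
    {"type": "regset", "pid": 1234,
     "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
     "value": "upd", "data": "C:\\Users\\admin\\sample.exe"},
]

# Command-line idioms that remove Volume Shadow Copies.
SHADOW_COPY_PATTERNS = [
    re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\b.*\bshadows\b", re.I),
    re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
    re.compile(r"Win32_ShadowCopy", re.I),  # PowerShell / WMI variant
    re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\b.*\bcatalog\b", re.I),
]

# Editor's ATT&CK mapping for the four signatures (not the report's table).
ATTACK = {
    "Deletes shadow copies": "T1490 Inhibit System Recovery",
    "Checks computer location settings": "T1614 System Location Discovery",
    "Enumerates connected drives": "T1082 System Information Discovery",
    "Sets desktop wallpaper using registry": "T1112 Modify Registry",
}

# A bare drive root such as "D:\" (and nothing after the backslash).
DRIVE_ROOT = re.compile(r"^([A-Za-z]):\\$")


def match_signatures(trace):
    """Return {signature name: [evidence strings]} for every signature that fired."""
    hits = defaultdict(list)
    drives = set()
    for ev in trace:
        kind = ev["type"]
        if kind == "process":
            if any(p.search(ev["cmdline"]) for p in SHADOW_COPY_PATTERNS):
                hits["Deletes shadow copies"].append(ev["cmdline"])
        elif kind == "regquery":
            if (ev["key"].lower().endswith("control panel\\international\\geo")
                    and ev["value"].lower() == "nation"):
                hits["Checks computer location settings"].append(
                    ev["key"] + "\\" + ev["value"])
        elif kind == "regset":
            if (ev["key"].lower().endswith("control panel\\desktop")
                    and ev["value"].lower() == "wallpaper"):
                hits["Sets desktop wallpaper using registry"].append(ev["data"])
        elif kind == "fileopen":
            m = DRIVE_ROOT.match(ev["path"])
            # Only roots of drives other than the system drive count, as in the report.
            if m and m.group(1).upper() != "C":
                drives.add(m.group(1).upper() + ":\\")
    if drives:
        hits["Enumerates connected drives"] = sorted(drives)
    return dict(hits)


def report(trace):
    """One line per fired signature with its ATT&CK mapping and evidence."""
    return [f"{name} [{ATTACK[name]}]: {', '.join(evidence)}"
            for name, evidence in sorted(match_signatures(trace).items())]


if __name__ == "__main__":
    print("\n".join(report(TRACE)))
```

Running the block against TRACE fires all four signatures and ignores the Run-key write; the drive signature deliberately skips C:\ so that ordinary access to the system drive never counts as enumeration.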
MITRE ATT&CK Enterprise v15
Defense Evasion
  Indicator Removal (T1070): 1
    File Deletion (T1070.004): 1
  Modify Registry (T1112): 2
  Subvert Trust Controls (T1553): 1
    Install Root Certificate (T1553.004): 1