General

  • Target

    2024-07-25_e0e182cdddcc3a42354f2e7c7ed76c3c_gandcrab_karagany_metamorfo

  • Size

    137KB

  • Sample

    240725-nhcl9syfmf

  • MD5

    e0e182cdddcc3a42354f2e7c7ed76c3c

  • SHA1

    1d1b62f4a3129afc6c863219e471d6355bd1193c

  • SHA256

    d078d35df1daa36dfd2f43aab1e0b20ea0a526df613718e9bb26fc3ee6167067

  • SHA512

    ba3df5cf94e8a07d052e2a55117dc215f95dfd7550f084c4f19df8d3966988dc506dee3216b8f2ec6339936963bb2b119bf50c4e3949af0361294b61a8d0b45b

  • SSDEEP

    1536:ymFff+GbWDmMAvQmHWlOMDSzWiO5MOYTB6m+GhJgp10sWjcdCiIjUA0ZTwy2:ymjbWaMAvx2WSisuBDJ67CiIjD

Targets

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Sets desktop wallpaper using registry
