General

  • Target

    2024-07-25_ec2521118694bee3d29dc9670f9277af_gandcrab_karagany_metamorfo

  • Size

    137KB

  • Sample

    240725-nkybrawdrm

  • MD5

    ec2521118694bee3d29dc9670f9277af

  • SHA1

    bb64c78c6f3c8069c4c0681b60bca824308a4e6c

  • SHA256

    e8078256d4a74e6a10091455089520530fa26f00b79140755d77ee21bba7b368

  • SHA512

    21fe04bde54ed9abfa0975c8ebf51e453296fde49ce6f92c1942c2d8d2ea6e44cb5fd81acfbf7b047f6ed739277a324e73b9b07dc1fcfdd7c7e98d1143ecd16c

  • SSDEEP

    1536:ymFff+GbWDmMAvQmHWlOMDSzWiO5MOYTB6m+GHgp10sWjcdCiIjUA0ZTwy2:ymjbWaMAvx2WSisuBp67CiIjD

Targets

    • Target

      2024-07-25_ec2521118694bee3d29dc9670f9277af_gandcrab_karagany_metamorfo

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Sets desktop wallpaper using registry
