General
-
Target
2024-07-25_ec2521118694bee3d29dc9670f9277af_gandcrab_karagany_metamorfo
-
Size
137KB
-
Sample
240725-nkybrawdrm
-
MD5
ec2521118694bee3d29dc9670f9277af
-
SHA1
bb64c78c6f3c8069c4c0681b60bca824308a4e6c
-
SHA256
e8078256d4a74e6a10091455089520530fa26f00b79140755d77ee21bba7b368
-
SHA512
21fe04bde54ed9abfa0975c8ebf51e453296fde49ce6f92c1942c2d8d2ea6e44cb5fd81acfbf7b047f6ed739277a324e73b9b07dc1fcfdd7c7e98d1143ecd16c
-
SSDEEP
1536:ymFff+GbWDmMAvQmHWlOMDSzWiO5MOYTB6m+GHgp10sWjcdCiIjUA0ZTwy2:ymjbWaMAvx2WSisuBp67CiIjD
Static task
static1
Behavioral task
behavioral1
Sample
2024-07-25_ec2521118694bee3d29dc9670f9277af_gandcrab_karagany_metamorfo.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
2024-07-25_ec2521118694bee3d29dc9670f9277af_gandcrab_karagany_metamorfo.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
Target
2024-07-25_ec2521118694bee3d29dc9670f9277af_gandcrab_karagany_metamorfo
-
Deletes shadow copies
Deletes Volume Shadow Copies so that encrypted files cannot be restored from local backups; ransomware routinely does this before or during encryption to inhibit system recovery.
-
Checks computer location settings
Reads the country code configured in the registry, most likely as a geofence: the sample can refuse to run on hosts whose configured location matches an exclusion list.
-
Enumerates connected drives
Attempts to open the root path of drives other than the default C: volume, consistent with locating additional volumes to process.
-
Sets desktop wallpaper using registry
Changes the desktop wallpaper through a registry write, a common way for ransomware to display its ransom note.
-
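The four signatures above are each weak on their own (administrators delete shadow copies, users change wallpapers) but strong in combination from one process tree. The following detection sketch is example code added to this page; it is not part of the sandbox or of the analysed sample. It runs over constructed, simplified EDR-style events (not telemetry from this run), and the registry paths it keys on (the GeoID under `HKCU\Control Panel\International\Geo` for the country code, `Wallpaper` under `HKCU\Control Panel\Desktop`) are assumptions about how the behaviours would surface, as is the event shape.

```python
"""Detection sketch for the four behaviours listed in this report, run over
constructed telemetry. Example code added to this page; not part of the
sandbox or of the analysed sample. Event shape and registry paths are
assumptions."""
import re
from collections import defaultdict

# Constructed events, not from the sandbox run. Each event is a flat dict in a
# simplified EDR/Sysmon-like shape: "process" (Sysmon EventID 1 style),
# "reg_set" (EventID 13 style), "reg_read" (Sysmon has no registry-read event;
# this assumes an EDR or sandbox that records reads) and "file_open".
EVENTS = [
    {"type": "process", "pid": 1234, "ppid": 900,
     "cmdline": "C:\\Users\\usr\\sample.exe"},
    # assumed location of the configured country code (GeoID)
    {"type": "reg_read", "pid": 1234,
     "key": "HKCU\\Control Panel\\International\\Geo\\Nation"},
    {"type": "file_open", "pid": 1234, "path": "C:\\"},
    {"type": "file_open", "pid": 1234, "path": "D:\\"},
    {"type": "file_open", "pid": 1234, "path": "E:\\"},
    {"type": "process", "pid": 1300, "ppid": 1234,
     "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"type": "reg_set", "pid": 1234,
     "key": "HKCU\\Control Panel\\Desktop", "value": "Wallpaper",
     "data": "C:\\Users\\usr\\AppData\\Local\\Temp\\note.bmp"},
    # benign noise from unrelated processes: must not fire
    {"type": "file_open", "pid": 2000, "path": "C:\\Windows\\Temp\\x.log"},
    {"type": "process", "pid": 2100, "ppid": 2000,
     "cmdline": "vssadmin.exe list shadows"},
]

# Command lines that remove shadow copies or the backup catalog.
SHADOW_DELETE = [
    re.compile(r"\bvssadmin(?:\.exe)?\b.*\bdelete\b.*\bshadows\b", re.I),
    re.compile(r"\bwmic(?:\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
    re.compile(r"\bwbadmin(?:\.exe)?\b.*\bdelete\b.*\bcatalog\b", re.I),
    re.compile(r"win32_shadowcopy.*\bdelete\b", re.I),
]
GEO_KEY = "\\control panel\\international\\geo"  # assumption, see above
WALLPAPER_KEY = "\\control panel\\desktop"
DRIVE_ROOT = re.compile(r"^[a-z]:\\$", re.I)


def detect(events):
    """Return {pid: sorted signature names} for every pid with at least one hit."""
    hits = defaultdict(set)
    drives = defaultdict(set)
    for ev in events:
        kind, pid = ev["type"], ev["pid"]
        if kind == "process":
            if any(p.search(ev.get("cmdline", "")) for p in SHADOW_DELETE):
                # Credit the parent: the sample spawns vssadmin/wmic, it does
                # not become them, so the hit belongs to the spawning pid.
                hits[ev.get("ppid", pid)].add("deletes_shadow_copies")
        elif kind == "reg_read":
            if GEO_KEY in ev["key"].lower():
                hits[pid].add("checks_computer_location")
        elif kind == "reg_set":
            if (ev["key"].lower().endswith(WALLPAPER_KEY)
                    and ev.get("value", "").lower() == "wallpaper"):
                hits[pid].add("sets_desktop_wallpaper")
        elif kind == "file_open":
            path = ev["path"]
            # Root of any volume other than the system drive, deduplicated per pid.
            if DRIVE_ROOT.match(path) and not path.upper().startswith("C:"):
                drives[pid].add(path.upper())
    for pid, roots in drives.items():
        if roots:
            hits[pid].add("enumerates_connected_drives")
    return {pid: sorted(sigs) for pid, sigs in hits.items()}


def ransomware_candidates(events, min_hits=2):
    """Pids that trip at least `min_hits` signatures; the combination, not any
    single signature, is what separates this profile from admin activity."""
    return sorted(pid for pid, sigs in detect(events).items()
                  if len(sigs) >= min_hits)


if __name__ == "__main__":
    for pid, sigs in detect(EVENTS).items():
        print(pid, sigs)
    print("candidates:", ransomware_candidates(EVENTS))
```

Three of the four behaviours (shadow-copy deletion, wallpaper write, drive-root access) are visible in Sysmon process-creation and registry-set events or in file auditing; the geofence lookup is a registry read, which Sysmon does not record, so that signal only exists where an EDR hooks registry reads or, as here, in a sandbox with API-level monitoring.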
MITRE ATT&CK Enterprise v15
Defense Evasion
  Indicator Removal (1)
    File Deletion (1)
  Modify Registry (2)
  Subvert Trust Controls (1)
    Install Root Certificate (1)