General

  • Target

    2024-07-25_4af7705184c70648864e87e5138d9251_gandcrab

  • Size

    240KB

  • Sample

    240725-rrhrestckj

  • MD5

    4af7705184c70648864e87e5138d9251

  • SHA1

    7042db59cd2a3d53645c2819fe00a5cc6e4c6013

  • SHA256

    7ab2969097e4573eebe173b03b1c9067a7448362556396e2388284887300161a

  • SHA512

    03bc6cc519892099550c6ff634f152bee13b011d60aa09886ba2cbe07a4e7b791adf1a06eccfd1144ae268baa1240cec1e8e7f87b9f39b1320e64896e66d69fc

  • SSDEEP

    3072:AYHVHd2NwMqqDL2/mr3IdE8we0Avu5r++ygLIaa4jRv9OtNZpHk:AycqqDL6oREzZpE

Targets

    • Target

      2024-07-25_4af7705184c70648864e87e5138d9251_gandcrab

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
