General

  • Target

    446c3fefee0e304b40519eb668485e5c5cce65c90a02fd40a131898d4ca23f72.exe

  • Size

    308KB

  • Sample

    240726-df88cavhle

  • MD5

    a62875de9ddb7d679bcb73d5db7ccf3d

  • SHA1

    8a298d641fbe9fc7f0b9257bd0c3df58ce771f91

  • SHA256

    446c3fefee0e304b40519eb668485e5c5cce65c90a02fd40a131898d4ca23f72

  • SHA512

    78cd920ea142ec6af2d1605f20aaa948efdcbcf201d4f9d7e45fe61c36b8d526b6f8ad3d3411c4ace315d3c0c8a945c5e9cd05f2492902e9b8194f9fe80f4dd1

  • SSDEEP

    6144:YZ5fh1s4mex2OO8bAiZ0YDChe8UN5alW6jx+Z:85frs4f2OOm/Ao8UNglGZ

Targets

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port was detected going to servers other than the configured DNS servers.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
