General

  • Target

    bc345d907c6fde218bef52b9620066a2631bb8e47078b60363352be45ed196d5.exe

  • Size

    266KB

  • Sample

    240726-f8hxzasdmb

  • MD5

    7e63315b7c7c6c0c1da5f0dab7bdfe4b

  • SHA1

    217cbd3621e86bc39c0866a70029e2aa11cd1080

  • SHA256

    bc345d907c6fde218bef52b9620066a2631bb8e47078b60363352be45ed196d5

  • SHA512

    79baf9b90cc06523882110e62b8e164a595879acaa16bff0198372157678cc95fdb89b35970b1169593ba48d858f5b32de5e2eb9ae52cc05dc2bb3c07d9aadc8

  • SSDEEP

    3072:e/yK5d0Gj0+nY3uEBLvBNfdUR2/qFnB8o2+vU3WuvIBuj00nReaXkuSQ7cdOdt:e/y20Gj0r+EBFrkvlU3RvIUDOIT

Targets

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
