General

  • Target

    9be15ab511f2392041675ba968616fcf82cdcbe458039b4f54b41824da8974f4.exe

  • Size

    162KB

  • Sample

    240726-fcva5axbmn

  • MD5

    203dd75cbd98919e8364a12e810341af

  • SHA1

    be6f560f2bc97d2905740249337b62d1d45dcd37

  • SHA256

    9be15ab511f2392041675ba968616fcf82cdcbe458039b4f54b41824da8974f4

  • SHA512

    fbf2ab05f12c7851bbfae23c77bf9fd8bca20030ca54d829ec93ce1ecf547aaf4f326cae5319d17622bb00a93bd43885cebcf7074123bb00e4f835a05def110c

  • SSDEEP

    3072:3YHVHd2NCMqqDL2/mr3IdE8we0Avu5r++ygLIaagvdCjRv9OtNMGCH:3yOqqDL64vdGREzR

Targets

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
