General

  • Target

    f9a149a058bf6018b2d1827a95f80e4c2df737c156fc7cc973c44eaeafd589db.exe

  • Size

    162KB

  • Sample

    240726-h2x5estckl

  • MD5

    9587c262dc22fce8fb638e6505ca4e7f

  • SHA1

    c9e2632df00e35cc8503fd8a4fc16dd146ce4193

  • SHA256

    f9a149a058bf6018b2d1827a95f80e4c2df737c156fc7cc973c44eaeafd589db

  • SHA512

    b2e1ac65b98f23804f35652fe5a0c0776efa6527136ba74f726bcf8ff8437e1ee058d5d755dcf50457f47408650b1ee1297fedc01e4b8480f7fe4f23677de09c

  • SSDEEP

    3072:DYHVHd2NCMqqDL2/mr3IdE8we0Avu5r++ygLIaagvdCjRv9OtN/GCH:DyOqqDL64vdGREzu

Malware Config

Targets

    • Target

      f9a149a058bf6018b2d1827a95f80e4c2df737c156fc7cc973c44eaeafd589db.exe

    • Size

      162KB

    • MD5

      9587c262dc22fce8fb638e6505ca4e7f

    • SHA1

      c9e2632df00e35cc8503fd8a4fc16dd146ce4193

    • SHA256

      f9a149a058bf6018b2d1827a95f80e4c2df737c156fc7cc973c44eaeafd589db

    • SHA512

      b2e1ac65b98f23804f35652fe5a0c0776efa6527136ba74f726bcf8ff8437e1ee058d5d755dcf50457f47408650b1ee1297fedc01e4b8480f7fe4f23677de09c

    • SSDEEP

      3072:DYHVHd2NCMqqDL2/mr3IdE8we0Avu5r++ygLIaagvdCjRv9OtN/GCH:DyOqqDL64vdGREzu

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks