General

  • Target

    1f3c004c5876f951a7afb57ab606de3407fcb2b830ee1baa3f2ac93c30bb25e4.exe

  • Size

    250KB

  • Sample

    240726-v8bwzsxbmf

  • MD5

    84c3bd7e638d63762f7a6c519075bb0a

  • SHA1

    36357397b66794857add694477c0831143eae0ff

  • SHA256

    1f3c004c5876f951a7afb57ab606de3407fcb2b830ee1baa3f2ac93c30bb25e4

  • SHA512

    e87240dc2dee673b863278d785b514c165c38f01aa0cadeeaf46884dfba1630f6485cd9638f9520ad7b5257e6959684f406961fcc733815b8c2c71ef4ace1d46

  • SSDEEP

    6144:G+YrOIBjaklexBgiJ8sTSIkIpxIp8mDtfPBRwasxX:yOCjaklYgVIpxIhDt

Targets

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
