General

  • Target

    2024-07-27_a9824e3e994e47af20cf319113f94a5c_karagany_mafia

  • Size

    250KB

  • Sample

    240727-lehyrszgkj

  • MD5

    a9824e3e994e47af20cf319113f94a5c

  • SHA1

    23c824de59e0b3a636358a18a0d28bb74e5cb5a2

  • SHA256

    d59969721e97e12ebab0564704695e555c9ae9471e72250d34f3ee86eaba43b9

  • SHA512

    729198da92f0c9652107b95fb7d8d434c218fbcd87251c3495b4687d066b714966251d2d912333e2894b00d8e06f09b7a5a599a03d58773e2a15f7635376e5e4

  • SSDEEP

    6144:U+YrOIBjaklexBgiJ8sTSIkIpxIp8mDtfPBRwasxX:MOCjaklYgVIpxIhDt

Malware Config

Targets

    • Target

      2024-07-27_a9824e3e994e47af20cf319113f94a5c_karagany_mafia

    • Size

      250KB

    • MD5

      a9824e3e994e47af20cf319113f94a5c

    • SHA1

      23c824de59e0b3a636358a18a0d28bb74e5cb5a2

    • SHA256

      d59969721e97e12ebab0564704695e555c9ae9471e72250d34f3ee86eaba43b9

    • SHA512

      729198da92f0c9652107b95fb7d8d434c218fbcd87251c3495b4687d066b714966251d2d912333e2894b00d8e06f09b7a5a599a03d58773e2a15f7635376e5e4

    • SSDEEP

      6144:U+YrOIBjaklexBgiJ8sTSIkIpxIp8mDtfPBRwasxX:MOCjaklYgVIpxIhDt

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks