General

  • Target

    2024-07-27_cbec2dab5539f2102f6a7cf340f6d877_gandcrab

  • Size

    240KB

  • Sample

    240727-lhds8azhnr

  • MD5

    cbec2dab5539f2102f6a7cf340f6d877

  • SHA1

    df3bed399965dbba96b3961c3346b61df94d0ad2

  • SHA256

    4dccb5fbba14f8d16dbfe3e82ab0144b2d520597f2f28145cd4db4925550743b

  • SHA512

    86058f04dadb021b91d9d9039fcaeeba63531198d42f3530b5fb1ce8a9fa9d37196cbab8cfc37909bc296b055232ed8bc7b9fd1e09c30153cf0ec3556f5ca3eb

  • SSDEEP

    3072:ClYHVHd2NwMqqDL2/mr3IdE8we0Avu5r++ygLIaa4jRv9OtNZpHk:ClycqqDL6oREzZpE

Targets

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
