General

  • Target

    2024-07-29_e8b2d083148197544a13e0974ea108a8_gandcrab

  • Size

    240KB

  • Sample

    240729-qqtxmazgmn

  • MD5

    e8b2d083148197544a13e0974ea108a8

  • SHA1

    32f202f18e3dc077976b43f413c5ef68b67cdcc2

  • SHA256

    e6b217ec274303c8e74b97b512730ca66985b5802c9e7a6238a5f4b7b633a9ff

  • SHA512

    bc9d01587e01733eaad98f6c01a41553ef14740bcabaf16cade15b981c9887f26c8a74d33ff104f2fd7a13e868ff1d76796a01cb9c9d6e61ba19801a902cef0a

  • SSDEEP

    3072:GYHVHd2NwMqqDL2/mr3IdE8we0Avu5r++ygLIaa4jRv9OtNZpHk:GycqqDL6oREzZpE

Targets

    • Target

      2024-07-29_e8b2d083148197544a13e0974ea108a8_gandcrab

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
