General

  • Target

    2024-07-29_eaf57c28a00d581c67e67a8af07bb3e7_karagany_mafia

  • Size

    266KB

  • Sample

    240729-qqy7cavcne

  • MD5

    eaf57c28a00d581c67e67a8af07bb3e7

  • SHA1

    c38c04fd98820ec6db13a0ee2b1430a001da9a6a

  • SHA256

    6c43d6634c3ea0cd8f88d5808261a1a25f6c1c01844fc1230787e8f12bc11b8e

  • SHA512

    46b7baf360d738aec7b6ccca3b1fff48dafed15947fb103928a8ed9b2e3fe132edde75cfc3c86206edfa56e97f55220b999bb007e42c78404b6fb6fe33e4e57b

  • SSDEEP

    3072:9/yK5d0Gj0+nY3uEBLvBNfdUR2/qFnB8o2+vU3WuvIBuj00nReaXkuSQ7cdOdt:9/y20Gj0r+EBFrkvlU3RvIUDOIT

Malware Config

Targets

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks