General

  • Target

    2024-11-20_839596ea9a1c8c86ea27bd72bf5e46bc_karagany_mafia

  • Size

    250KB

  • Sample

    241120-cx8sgayhpq

  • MD5

    839596ea9a1c8c86ea27bd72bf5e46bc

  • SHA1

    881041f6ad126a28bb0d22c9be1d34157f6f2fc4

  • SHA256

    56bec8961c24ebc25b4bcd4b8f730c50c63c1e58fc06e8cbd095c208b46ef6ed

  • SHA512

    e60da0cbf078301256d113fe23989e8eb1a5074168c8e473a1be871d9d3d0295054c6daba3a1f42caabdfd7cc964c274222848f3f223ceb1c295f25876e48ab2

  • SSDEEP

    6144:X+YrOIBjaklexBgiJ8sTSIkIpxIp8mDtfPBRwasxX:LOCjaklYgVIpxIhDt

Malware Config

Targets

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Gandcrab family

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks