General

  • Target

    675c5b27af9009f66e92d8b4188bdb84838b7b167614841df47b5c470f4f0f9bN.exe

  • Size

    231KB

  • Sample

    241218-g9rryaxles

  • MD5

    1e5310906b2196362596f361e7fd55c0

  • SHA1

    3d9e2fcd9a0b53c8493dfea67e04bf8adfdd1402

  • SHA256

    675c5b27af9009f66e92d8b4188bdb84838b7b167614841df47b5c470f4f0f9b

  • SHA512

    ac7e25075199e0664f8a0caaa4f994c4bd6bcd3e49f27b0a2bd89832d528115dfd3041450c8e52055546bca1d4e6c186262783df04c22f6cad10419ef2f236bb

  • SSDEEP

    3072:RPgE0E5wfNm5RQ9vGeriZuxqrzmT0MKgM2Au2c5L97zPy+yc4WABa/KC:RPgEifAIOe6eOqAMKgMy5B7G25

Malware Config

Targets

    • Target

      675c5b27af9009f66e92d8b4188bdb84838b7b167614841df47b5c470f4f0f9bN.exe

    • Size

      231KB

    • MD5

      1e5310906b2196362596f361e7fd55c0

    • SHA1

      3d9e2fcd9a0b53c8493dfea67e04bf8adfdd1402

    • SHA256

      675c5b27af9009f66e92d8b4188bdb84838b7b167614841df47b5c470f4f0f9b

    • SHA512

      ac7e25075199e0664f8a0caaa4f994c4bd6bcd3e49f27b0a2bd89832d528115dfd3041450c8e52055546bca1d4e6c186262783df04c22f6cad10419ef2f236bb

    • SSDEEP

      3072:RPgE0E5wfNm5RQ9vGeriZuxqrzmT0MKgM2Au2c5L97zPy+yc4WABa/KC:RPgEifAIOe6eOqAMKgMy5B7G25

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Gandcrab family

    • Unexpected DNS network traffic destination

DNS-port traffic to servers other than the configured DNS servers was detected.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks