General

  • Target

    7c5a55cfa74b375f2194e29633da183d764a9381d52af8e71bfc1c2a61fb8109.exe

  • Size

    231KB

  • Sample

    241218-l2p1lavqhk

  • MD5

    a2111a35365c5e7fd89b567412ca4ad6

  • SHA1

    2a4a0c3880b90850a82552b72ec13ad3e793a444

  • SHA256

    7c5a55cfa74b375f2194e29633da183d764a9381d52af8e71bfc1c2a61fb8109

  • SHA512

    73122914c555107c8bf83bd9c954cac8a4c7da8ded849559a7966956a93126f2a641f81090d3be237dbbf473bc66bdc1be5ccc2dcef119329c83a842d2c60ca3

  • SSDEEP

    3072:RPgE0E5wfNm5RQ9vGeriZuxqrzmT0MKgM2Au2c5L97zPy+yc4WABa/Km:RPgEifAIOe6eOqAMKgMy5B7G2z

Targets

    • Target

      7c5a55cfa74b375f2194e29633da183d764a9381d52af8e71bfc1c2a61fb8109.exe

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Gandcrab family

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
