General

  • Target

    02fbbb032a9a66d6cfbe2ef2cad2b8466f4f9d29b84c86a26106e727b4d21f15N.exe

  • Size

    321KB

  • Sample

    241219-1fmqnszqdx

  • MD5

    47e0113790ce12370edea2fe5cc337a0

  • SHA1

    509383fcc1dc2ef59faddcbf535fae3adafee30f

  • SHA256

    02fbbb032a9a66d6cfbe2ef2cad2b8466f4f9d29b84c86a26106e727b4d21f15

  • SHA512

    892b1fec4f8dc82a9b1ef54c7c0f4ae061d94e1090411eb9f1ccfb41c141336622ec46e8546fab234bdf9e739fdebc886d41a839136bb6eef0d1111adaab1458

  • SSDEEP

    6144:PfwD/eHK1rGTAOfrIV/QHxOtJkkgYsGGdzKLK:PfwDz1+q4Hsi+LK

Malware Config

Targets

    • Target

      02fbbb032a9a66d6cfbe2ef2cad2b8466f4f9d29b84c86a26106e727b4d21f15N.exe

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Gandcrab family

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks