General

  • Target: 30d4ba9cc006be76d764fc5ef20d9f4a96b27524505daa01f3ae2e0f0dcf5785N.exe
  • Size: 119KB
  • Sample: 241219-fgx8kszncp
  • MD5: fe092747abcb1b58057a4d0ce657af00
  • SHA1: 3db189e55d8d3b6c12401cf7f7393f7a13962dea
  • SHA256: 30d4ba9cc006be76d764fc5ef20d9f4a96b27524505daa01f3ae2e0f0dcf5785
  • SHA512: 876231f29148fc899a7a0e1be689100833cdeac65ea75ae84a0b14417c56f2bce8fd16fbabe6512545161f33979cd1e7df5b94108039532e9f57e1f1712245f8
  • SSDEEP: 3072:tzuPVLDaAA3d2C9hQssDh7a7I4M3FyOO3+Bout8lc:qDvSb4f9a7IFLO3ioS8K

Malware Config

Extracted

  • Family: gandcrab
  • C2: http://gdcbghvjyqy7jclk.onion.top/

Targets


    • GandCrab payload
    • Gandcrab: Gandcrab is a Trojan horse that encrypts files on a computer.
    • Gandcrab family
    • Adds Run key to start application
    • Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
    • UPX packed file: detects executables packed with the UPX open-source packer or a modified UPX.
