Resubmissions

19-12-2024 21:54

241219-1sgp7a1kax 4

19-12-2024 20:39

241219-zflb6szkel 10

General

  • Target

    0351ef062484c1622ab574835ae1bd4f5e2c0142d8a6f207c8760df8d5e07800N.exe

  • Size

    244KB

  • Sample

    241219-zflb6szkel

  • MD5

    57772ebf37c3c7376a932a39c1c7f770

  • SHA1

    eac21915ff9db1604b77efcfd788bce5a051cb3a

  • SHA256

    0351ef062484c1622ab574835ae1bd4f5e2c0142d8a6f207c8760df8d5e07800

  • SHA512

    2b1696e813912681063b0ae1463011463ea05380e18586d0d5fd6185c9a5c45077af192c90ed9db2f23ee8b879ce773befa781553a00080d5202c5d831b8f982

  • SSDEEP

    3072:3q8QC2mCC97sjM2TGm54rYREkcuX8FdXIsLCiQU2jgXQk0rCQRGEsriUIwrmuVUt:zKwm5RDOCiQFju0ubEslxrmt

Targets

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Gandcrab family

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
