General

  • Target

    2025-01-08_7a8da5a27f2980ee3aca1ed65afda98e_karagany_mafia

  • Size

    249KB

  • Sample

    250108-pqy1xaslgp

  • MD5

    7a8da5a27f2980ee3aca1ed65afda98e

  • SHA1

    dd2abdfb819d76eec528bf9cd695579af41f3efa

  • SHA256

    0e8c7e19d61bf31e09bb26768b57d1afa8d11f1c14e40cb04b8b728fb2c4cb21

  • SHA512

    8c6f773614022e6da7391d04aa79305e93b156da30e878e8494323a06b76f02399ffdca37c32d5a15d336af4848e8127d7e155b561377ad3ae6ec6ee72f68134

  • SSDEEP

    6144:4a1G8FVA6axUvuYQvcsYwQ7pPRSuOvSYhMw7:PFG6axU+wfR5tQMU

Malware Config

Targets

    • Target

      2025-01-08_7a8da5a27f2980ee3aca1ed65afda98e_karagany_mafia

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Gandcrab family

    • Unexpected DNS network traffic destination

      Traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks