gandcrab | 832-58-0x0000000000400000-0x000000000043D000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

832-58-0x0000000000400000-0x000000000043D000-memory.dmp
Size

244KB
MD5

4259ad353e21f5edb8366ff6915daa0a
SHA1

6b3348f133b93ced8305a0aca747d93c85c8f030
SHA256

ff0e3b819bd378ce2115d841a9de0711914a820685106190e53e3d4ce0c5e66a
SHA512

2be4a511166f6a9a0cea0521d47bf8d6d61667b9eddd14cb187edd5a1582c3f2b8f6f6ff82a18c2386e8034780801ce6f08bf8f8bef8b8115df82d12262fc0d1
SSDEEP

3072:l5K/B0toLcSNJYxlZHQsozTS+SMqqDL2/TrKJjGh/YrDAEioKhAv:lcytwBg1yTS+xqqDL6HKghEKs

Score

10^/10

gandcrab

Malware Config

Signatures

GandCrab payload 1 IoCs

resource	yara_rule
sample	family_gandcrab

Gandcrab family
gandcrab

Files

832-58-0x0000000000400000-0x000000000043D000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 81KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ