gandcrab | e678f3089a497782524e0f6787e26691[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e678f3089a497782524e0f6787e26691.bin
Size

246KB
MD5

587be1b531dfb32a9ee0f0d23d3edeb8
SHA1

5ba47b69633cf4835d7201d1be94fae714771311
SHA256

bd0fcb1458d538ca25074447464d9dce0321ae481fc6ddccd43f2b613f1cd7f8
SHA512

e4460c82efced8f8d0844b982ced31fb550d094d383927a18ea2a960fb4fba08aef84dcdbc4135e297e38dfe8cd8634564c17be1db8444e6c0ae46825231df03
SSDEEP

6144:n2kI3zvcda314VuFSD9ZPUlYEtdp9mJlCgxip:nN4Tcyg9Z8YEDp9m/k

Score

10^/10

gandcrab

Malware Config

Signatures

GandCrab payload 1 IoCs

resource	yara_rule
static1/unpack001/2c467cc6bed546dc5adae1df0833767883142b3dca9b757a414c21b5ccd15ad5.exe	family_gandcrab

Gandcrab family
gandcrab

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/2c467cc6bed546dc5adae1df0833767883142b3dca9b757a414c21b5ccd15ad5.exe

Files

e678f3089a497782524e0f6787e26691.bin
.zip

Password: infected
2c467cc6bed546dc5adae1df0833767883142b3dca9b757a414c21b5ccd15ad5.exe
.exe windows x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 81KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ