Behavioral task
behavioral1
Sample
2023-05-15_3a8a34c793d30674e0c7e78548497b84_gandcrab.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
2023-05-15_3a8a34c793d30674e0c7e78548497b84_gandcrab.exe
Resource
win10v2004-20230220-en
General
-
Target
2023-05-15_3a8a34c793d30674e0c7e78548497b84_gandcrab
-
Size
388KB
-
MD5
3a8a34c793d30674e0c7e78548497b84
-
SHA1
2685040e9dbc090414dd7a6b7c0b62705ef507c1
-
SHA256
be462bb34e44329f7bfaf4091abdc6b8c97943c16df39122b7ed43f2d29d1256
-
SHA512
d1c52ad2c176b94342f338c5cd8002831713c803855ae9fd8787e492fef50d66b19efc107822ad6824914ce14a3a351716b37f70582cfce70297c04c7f4c1d3d
-
SSDEEP
6144:lcytwbh1yTS+xqqDL6HKnFrOKBFSfdk03Dpfjc1ITQs0jcCO54SODhW69:Cyih1Rqn6qn4mv03lfjcW0TjAYgq
Malware Config
Signatures
-
GandCrab payload 1 IoCs
resource yara_rule sample family_gandcrab -
Gandcrab family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2023-05-15_3a8a34c793d30674e0c7e78548497b84_gandcrab
Files
-
2023-05-15_3a8a34c793d30674e0c7e78548497b84_gandcrab.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 81KB - Virtual size: 88KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ