gandcrab | 2c467cc6bed546dc5adae1df0833767883142b3dca9b757a414c21b5ccd15ad5[.]zip

General

Target

2c467cc6bed546dc5adae1df0833767883142b3dca9b757a414c21b5ccd15ad5.zip
Size

246KB
MD5

45c66771e5c0804dcd211c2c1dead4ad
SHA1

51910b2ed272e2445c60751d826b8add9975ee33
SHA256

9dfeb0aef491dc7f5cca68e0ee0544ce856c11cb9eb5aa3c6f357bb9b7736f5f
SHA512

8986d581d5d963d1826abc616314ebeaf5bea00ca593aeb1acfeade99aa1ef60e109ccba38d3f2a38849f08cfc35144f523063bdb506112b31ca5d22cc081b6e
SSDEEP

6144:kmcJ3aZ5TkjB7KasRTSR2SgwTii0rS2ummfEkzd/G:YJ3avTkjpKasBLSgPiuS2ummfEWd/G

Score

10^/10

gandcrab

GandCrab payload 1 IoCs

resource	yara_rule
static1/unpack001/2c467cc6bed546dc5adae1df0833767883142b3dca9b757a414c21b5ccd15ad5.exe	family_gandcrab

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/2c467cc6bed546dc5adae1df0833767883142b3dca9b757a414c21b5ccd15ad5.exe

2c467cc6bed546dc5adae1df0833767883142b3dca9b757a414c21b5ccd15ad5.zip
.zip

Password: infected
2c467cc6bed546dc5adae1df0833767883142b3dca9b757a414c21b5ccd15ad5.exe
.exe windows x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 81KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ