General

  • Target

    7dd313dc1c5e63exeexeexeex.exe

  • Size

    351KB

  • Sample

    230709-xt58dsfh8y

  • MD5

    7dd313dc1c5e6377a060663bbf210014

  • SHA1

    b01a3b9ee915d2760868c643e7e38c140e04b8e0

  • SHA256

    7344b084aeaa987b9616ad4579b6fd45de193804b7169d5590baad2705bcf252

  • SHA512

    2143ccc100dbbcb298a6eca1ac2cfd909b26cb10ef389794f3ec8ab2f691e860862b120cb14c0ad94207329ac7b4c17446515e21f30cb34f9a1751cd352e1b65

  • SSDEEP

    3072:+pNMs+Kr1wbWGjl0xjsNNeVKBNVBxKT46xl+wndfIQQOaC3QBn7/hsb2BhGZ1/Nb:+pNMsLWEjsXjBATRpuuwnGD/Nj6a

Targets

    • Target

      7dd313dc1c5e63exeexeexeex.exe

    • GandCrab payload

    • Gandcrab

      GandCrab is a Trojan horse that encrypts files on a computer.

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
