General

  • Target

    5dfe96d32f31a1_JC.exe

  • Size

    351KB

  • Sample

    230716-k9xjzaef8s

  • MD5

    5dfe96d32f31a16ec5d948493a4b3aa3

  • SHA1

    07a718e8075bc1a5066b062934b22f14b6e48873

  • SHA256

    bf5f95b4db735d340fec85c897126a9512ee6842174c4944b7a4264cf90c5e69

  • SHA512

    760d1ce339d306e015186d025caeab9d9c73abbc0130d07a2a0b8ea9f3b37e02916962b8bb2018047e08a69091fcbf4fce96432a1d1e43b4e5c3a0150039e33d

  • SSDEEP

    3072:/pNMs+Kr1wbWGjl0xjsNNeVKBNVBxKT46xl+wndfIQQOaC3QBn7/hsb2BhGZ1/Nb:/pNMsLWEjsXjBATRpuuwnGD/Nj6a

Targets

    • Target

      5dfe96d32f31a1_JC.exe

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
