Behavioral task: behavioral1
Sample: 8f83f7af3713846dcf838d8876ce81df_gandcrab_JC.exe
Resource: win7-20230712-en
Behavioral task: behavioral2
Sample: 8f83f7af3713846dcf838d8876ce81df_gandcrab_JC.exe
Resource: win10v2004-20230703-en
General
Target: 8f83f7af3713846dcf838d8876ce81df_gandcrab_JC.exe
Size: 252KB
MD5: 8f83f7af3713846dcf838d8876ce81df
SHA1: 79fcd0a4ad52e3f0c9db8104d586358fef63a055
SHA256: 35b1069e2747f4e9429915be31781ceb0c429176c3901e33f57ac55cc4bf775b
SHA512: f5f0cfc6a1941203ec2b601d78e13895dc0b112fcff56e9cb745914386669e176ca5c81510c6b47744d991fbd47ba529b9e8a565fe1f2835c115dc56f96022e1
SSDEEP: 6144:gXjOnr6+qqDL64vdRD3f6mP+pmplO2oS8K:gTOn6qn6cRLf/+oy2oS
Malware Config
Extracted
gandcrab
http://gdcbghvjyqy7jclk.onion.top/
Signatures
GandCrab payload 1 IoCs
resource yara_rule sample family_gandcrab -
Gandcrab family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 8f83f7af3713846dcf838d8876ce81df_gandcrab_JC.exe
Files
8f83f7af3713846dcf838d8876ce81df_gandcrab_JC.exe.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 33KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ