Overview

overview

10

Static

static

3

54392febdd...JC.exe

windows7-x64

10

54392febdd...JC.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    54392febdd644775e629da6921a03f21_mafia_JC.exe

  • Size

    255KB

  • Sample

    230820-nl9q6sgf6w

  • MD5

    54392febdd644775e629da6921a03f21

  • SHA1

    aa91504551afe5b3bc9762c3ba4948da72bf62f9

  • SHA256

    24ee606ff7626721067066be4383516286752476efc6688875f4d15c105b80f9

  • SHA512

    f7bf4d203dccd3ba099229749b363239e52857cc3568a4e41923ac7f5e79b83e60f88a0c81e9402fe34a65c53ce84b2e0602e8743b0dc65a4c04ae3644fe1590

  • SSDEEP

    3072:ryR64m3uiNEib+3NlcpX0XEtnvJzfQcHa8fiLtPy0AV5ODgnVqTLA4OmsWF:iH6Gh3vK0XEtJDHhfyylODgnMo4nsM

Score
10/10
gandcrabbackdoorpersistenceransomware

Malware Config

Targets

    • Target

      54392febdd644775e629da6921a03f21_mafia_JC.exe

    • Size

      255KB

    • MD5

      54392febdd644775e629da6921a03f21

    • SHA1

      aa91504551afe5b3bc9762c3ba4948da72bf62f9

    • SHA256

      24ee606ff7626721067066be4383516286752476efc6688875f4d15c105b80f9

    • SHA512

      f7bf4d203dccd3ba099229749b363239e52857cc3568a4e41923ac7f5e79b83e60f88a0c81e9402fe34a65c53ce84b2e0602e8743b0dc65a4c04ae3644fe1590

    • SSDEEP

      3072:ryR64m3uiNEib+3NlcpX0XEtnvJzfQcHa8fiLtPy0AV5ODgnVqTLA4OmsWF:iH6Gh3vK0XEtJDHhfyylODgnMo4nsM

    Score
    10/10
    gandcrabbackdoorpersistenceransomware

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

      ransomwarebackdoorgandcrab

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks