General

  • Target

    6a2ca3bc1d9c8e4fc9e66a53bf460bb8_mafia_JC.exe

  • Size

    222KB

  • Sample

    230822-tl2y8add92

  • MD5

    6a2ca3bc1d9c8e4fc9e66a53bf460bb8

  • SHA1

    4f803f96b2d7d9071dfdbcdae46a1bac59667208

  • SHA256

    e11c56064888dff7cb82f96cb00adfb585466fcbb309ee41ae419d89e297fc04

  • SHA512

    fa2de6b5bd416aebb765db55bf017003f271f0a89338a9cd5213edbde3358645b7169ea52004a8f8f018cc6049f825775d4e47d50f2acd71fc114289d46898e4

  • SSDEEP

    3072:4BbWxYKFDnqvffIj0nStxBN3cwqvcQr3YTfVEPnYbl3/YrDAEioKhAv/:4BkYKZSYYnS1xecmoT2nYbdEKs/

Malware Config

Targets

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks