General

  • Target

    7297d2946a05fed405292ec0163ee709_mafia_JC.exe

  • Size

    319KB

  • Sample

    230822-xrnwbseh48

  • MD5

    7297d2946a05fed405292ec0163ee709

  • SHA1

    4acd6a6dd058c5d27f2f0e93c541096a671525a1

  • SHA256

    62a3ba22b1e3ff36da6edb0d1acb29ea7795f16b4346bcc4156e01f149fbc1d0

  • SHA512

    3e6634985a122d6615af68b7169b1754e35fbbfcf18308b96719e1265a3a86b5c43edeee067caefc11f409947601cbfcb9a9e7229e5dc238d2e6910c41c39899

  • SSDEEP

    3072:DLFqoITs8+GgzXKhp6vFcBNTjbL617AL6MfUL1OeV7LGyH0Bme3BdcpFbMT9O:DLFAYz7z6hp2W1L61ALCOk7LhdeROuO

Malware Config

Targets

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks