General

  • Target: 8335ee4fa768659bc9aaac56b21c9ba9_mafia_JC.exe
  • Size: 308KB
  • Sample: 230824-tm918afd2x
  • MD5: 8335ee4fa768659bc9aaac56b21c9ba9
  • SHA1: 1033549332e296845cd2b9cbaa19c0766402c126
  • SHA256: f162c8d28c269662c0d7299a3b90eef07a1f7dce8df95e23ee35cc21d839d3df
  • SHA512: b631c93b21107c2afab3378df389683e733c5ab72eb104e1207fbefd9e51e237d33481ed9928f3b6bfbea66d67fe2d2282b305cd5285c239680a63e025875faf
  • SSDEEP: 6144:gzL7ShWDLVzVNam6GxI29dqG3KdYAYqTuPZp:GDHNam62ZdKmZmuPH

Malware Config

Targets

    • Target: 8335ee4fa768659bc9aaac56b21c9ba9_mafia_JC.exe
    • Size: 308KB
    • MD5: 8335ee4fa768659bc9aaac56b21c9ba9
    • SHA1: 1033549332e296845cd2b9cbaa19c0766402c126
    • SHA256: f162c8d28c269662c0d7299a3b90eef07a1f7dce8df95e23ee35cc21d839d3df
    • SHA512: b631c93b21107c2afab3378df389683e733c5ab72eb104e1207fbefd9e51e237d33481ed9928f3b6bfbea66d67fe2d2282b305cd5285c239680a63e025875faf
    • SSDEEP: 6144:gzL7ShWDLVzVNam6GxI29dqG3KdYAYqTuPZp:GDHNam62ZdKmZmuPH

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks