General

  • Target

    edc994046c88a73c336c0f98a9db47ba_mafia_JC.exe

  • Size

    324KB

  • Sample

    230830-x888laac57

  • MD5

    edc994046c88a73c336c0f98a9db47ba

  • SHA1

    311a82a6960a4d9f7ccbbf21f183772eee63bff8

  • SHA256

    7d290fba1100823452b41fdf6bc05e2c3e1803d32f0ee3835032587f2fad4bf8

  • SHA512

    59f946d6c4ba9dcdbfb500420f9b3731cc868f9833d9f70fe4940bce8d9d6e83a268fec20868bcefc89dcb31402f874276e81dd606f2437d4fa2644bcaafab41

  • SSDEEP

    6144:cRD8GPgklslrAaL3Uc2wNL9EFra+iYBVsBNjk1+pz:cRdgk0rMLvL+NX1

Targets

    • Target

      edc994046c88a73c336c0f98a9db47ba_mafia_JC.exe

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
