General

  • Target

    2024-01-01_83038ce0fd442418738ea54f717d9971_karagany_mafia

  • Size

    250KB

  • Sample

    240105-gfyy6adee7

  • MD5

    83038ce0fd442418738ea54f717d9971

  • SHA1

    5ef135c6b72aeaf798fe2574302b224eeb6f9ed6

  • SHA256

    daeae69e322553e048c1a885c144d9d1af3d15b8184ca7a12b5dcb2de04ab7cc

  • SHA512

    eec8f42ddce66ff310550b0800b3eeeb50380a7359ef654808052224185c7f99a84bed8347ca73b51900f9ab2f9406a4e46c502568bdb02b920cb1cd5e7a6024

  • SSDEEP

    6144:B+YrOIBjaklexBgiJ8sTSIkIpxIp8mDtfPBRwasxXq:hOCjaklYgVIpxIhDtR

Targets

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
