General

  • Target

    2024-01-01_fa646105404efe56c2c262f4c392a8af_karagany_mafia

  • Size

    312KB

  • Sample

    240105-glkzgsfah9

  • MD5

    fa646105404efe56c2c262f4c392a8af

  • SHA1

    5f6014deca1253bf5f3e64c118f3abfda9af2b26

  • SHA256

    18aafd9bffcde2e6de1789b5bfe4cd68ceab73ec574bcbbc5592977b0d7a6d44

  • SHA512

    14fa4cdf7213493856ed4e9d53bc856e21384e29b5db9acc029ada271278ccd5fbe053d0d005e936f89e365290f0d738a2a1d292def4e27702c2d52a4e98198c

  • SSDEEP

    6144:46jtiQHr3ByVhPYDe/mZFORawnkdoo7H7MPiJT9QhrvT8vRiXdx97/uMiqa:4GTghcYaYIL7MPiJT9mP8vRiXdx97Xa
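Before working from this report, confirm that the file you hold is the same sample: recompute its digests and compare them to the values listed above. The script below is an added example written for this page, not tooling from the sandbox that produced the report. It hard-codes the report's MD5, SHA1, SHA256 and SHA512 values and streams the file once through all four hashers; the SSDEEP value is not checked because fuzzy hashing is not part of Python's standard library.

```python
import hashlib
import hmac
import io
import sys

# Digests copied from the "General" section of the report above.
REPORT_HASHES = {
    "md5": "fa646105404efe56c2c262f4c392a8af",
    "sha1": "5f6014deca1253bf5f3e64c118f3abfda9af2b26",
    "sha256": "18aafd9bffcde2e6de1789b5bfe4cd68ceab73ec574bcbbc5592977b0d7a6d44",
    "sha512": "14fa4cdf7213493856ed4e9d53bc856e21384e29b5db9acc029ada271278ccd5"
              "fbe053d0d005e936f89e365290f0d738a2a1d292def4e27702c2d52a4e98198c",
}


def compute_digests(stream, chunk_size=1 << 20):
    """Read the stream once and return lowercase hex digests for every algorithm in REPORT_HASHES.

    Reading in chunks keeps memory flat for large samples; each chunk feeds all hashers."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data):
    """Digests of an in-memory byte string (handy for tests and small blobs)."""
    return compute_digests(io.BytesIO(data))


def hash_file(path):
    """Digests of a file on disk, read in binary mode."""
    with open(path, "rb") as fh:
        return compute_digests(fh)


def match_report(digests, expected=REPORT_HASHES):
    """Return {algorithm: bool} saying which expected digests the computed ones equal.

    Values are normalised to lowercase first; hmac.compare_digest does a constant-time compare."""
    return {
        name: hmac.compare_digest(digests[name].lower(), value.lower())
        for name, value in expected.items()
    }


def main(argv):
    if len(argv) != 2:
        print(f"usage: {argv[0]} <sample-file>", file=sys.stderr)
        return 2
    digests = hash_file(argv[1])
    result = match_report(digests)
    for name, ok in result.items():
        print(f"{name:7} {digests[name]}  {'MATCH' if ok else 'differs'}")
    # Barring a collision, independent digests of the same bytes either all match or all differ.
    return 0 if all(result.values()) else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python verify_sample.py <file>`; exit status 0 means every listed digest matched. A mixed result (one algorithm matching, another not) points to a transcription error in one of the values rather than to the sample, and is worth resolving before trusting any of the behaviour listed below.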

Malware Config

Targets

    • GandCrab payload

    • Gandcrab

      GandCrab is a ransomware family: it encrypts files on the infected computer and demands payment for the decryption key.

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) was sent to servers other than the DNS resolvers configured for the analysis machine, i.e. the sample resolves names, or moves data, through a resolver of its own choosing.

    • Adds Run key to start application

      Writes a value under a CurrentVersion\Run registry key so that the application is started again at user logon (persistence).

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive, which for a file encryptor locates the additional volumes to process.
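The three behavioural signatures above can be expressed as checks over a sandbox event trace. The code below is an added example for this page, not the sandbox's own signature engine: the event record layout (`kind`, `op`, `key`, `path`, `dst`, `dport` fields) and the sample events are constructed for illustration, because the report does not publish its raw trace. Each check returns its evidence, so a fired signature carries the destination, registry value or drive root that triggered it.

```python
import re

# Constructed, sandbox-style event records standing in for a trace of the sample.
# They are invented for this example; the report does not publish its raw events.
SAMPLE_EVENTS = [
    {"kind": "net", "proto": "udp", "dst": "10.0.0.2", "dport": 53},      # the analysis VM's configured resolver
    {"kind": "net", "proto": "udp", "dst": "203.0.113.7", "dport": 53},   # DNS port, but not a configured resolver
    {"kind": "net", "proto": "tcp", "dst": "203.0.113.7", "dport": 443},  # not on the DNS port: ignored here
    {"kind": "reg", "op": "set_value",
     "key": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
     "name": "updater", "data": r"C:\Users\victim\AppData\Roaming\updater.exe"},
    {"kind": "reg", "op": "set_value",
     "key": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced",
     "name": "Hidden", "data": "2"},                                        # unrelated registry write
    {"kind": "file", "op": "query_directory", "path": "C:\\"},
    {"kind": "file", "op": "query_directory", "path": "D:\\"},
    {"kind": "file", "op": "query_directory", "path": "E:\\"},
    {"kind": "file", "op": "query_directory", "path": "D:\\data"},        # below the root: not drive enumeration
]

DNS_PORT = 53
# Matches ...\CurrentVersion\Run and ...\CurrentVersion\RunOnce under any hive.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
# A bare drive root such as "D:" or "D:\"; anything deeper is an ordinary directory access.
DRIVE_ROOT_RE = re.compile(r"^([A-Za-z]):\\?$")


def unexpected_dns_destinations(events, configured_dns):
    """Destinations contacted on port 53 that are not among the configured resolvers."""
    allowed = set(configured_dns)
    return sorted({
        e["dst"] for e in events
        if e["kind"] == "net" and e["dport"] == DNS_PORT and e["dst"] not in allowed
    })


def run_key_additions(events):
    """(key, value name, data) for every value written under a Run/RunOnce key."""
    return [
        (e["key"], e["name"], e["data"]) for e in events
        if e["kind"] == "reg" and e["op"] == "set_value" and RUN_KEY_RE.search(e["key"])
    ]


def enumerated_drives(events):
    """Drive roots other than C: whose root directory the sample touched."""
    roots = set()
    for e in events:
        if e["kind"] != "file":
            continue
        m = DRIVE_ROOT_RE.match(e["path"])
        if m and m.group(1).upper() != "C":
            roots.add(m.group(1).upper() + ":")
    return sorted(roots)


def evaluate_signatures(events, configured_dns=("10.0.0.2",)):
    """Run the three checks and return only the signatures that fired, keyed by the report's names."""
    checks = {
        "Unexpected DNS network traffic destination": unexpected_dns_destinations(events, configured_dns),
        "Adds Run key to start application": run_key_additions(events),
        "Enumerates connected drives": enumerated_drives(events),
    }
    return {name: evidence for name, evidence in checks.items() if evidence}


if __name__ == "__main__":
    for name, evidence in evaluate_signatures(SAMPLE_EVENTS).items():
        print(f"[+] {name}")
        for item in evidence:
            print(f"      {item}")
```

The DNS check depends on knowing the resolvers the analysis machine was configured with (`configured_dns`); passing the sample's own destination in that list silences the signature, which is the same reason a real sandbox keys this rule on its VM network configuration rather than on a fixed address list.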

MITRE ATT&CK Enterprise v15

Tasks