Behavioral task
behavioral1
Sample
2024-01-08_9403f3604ed62dcbf0bd1c26016790e3_gandcrab_karagany.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
2024-01-08_9403f3604ed62dcbf0bd1c26016790e3_gandcrab_karagany.exe
Resource
win10v2004-20231215-en
General
-
Target
2024-01-08_9403f3604ed62dcbf0bd1c26016790e3_gandcrab_karagany
-
Size
16.0MB
-
MD5
9403f3604ed62dcbf0bd1c26016790e3
-
SHA1
dd215582b4143bf3fa862cb1b3d6707059b3a179
-
SHA256
ebb55be85cd9b6a862014d65a1d182a31db4351330215d55ebd7452711913aed
-
SHA512
2e7e61a247bb76667654049db28c426d6f08117dad114aecb6c860a4b70ab9d073f589e71a5afde55e8440de4a55ebf302c7ab47d0dff4d31674b12682f0cba2
-
SSDEEP
3072:S5K/B0toLOSNJwlxwsx89TSdBgjMqqDL2/TOKE4Gl:Scytwb3TTSdBgQqqDL6SK+
Malware Config
Signatures
-
GandCrab payload 1 IoCs
resource yara_rule sample family_gandcrab -
Gandcrab family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-01-08_9403f3604ed62dcbf0bd1c26016790e3_gandcrab_karagany
Files
-
2024-01-08_9403f3604ed62dcbf0bd1c26016790e3_gandcrab_karagany.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 81KB - Virtual size: 88KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ