gandcrab | 2024-01-08_b6372c04d193f025f828d2695d887a5f_gandcrab_karagany | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-08_b6372c04d193f025f828d2695d887a5f_gandcrab_karagany
Size

10.5MB
MD5

b6372c04d193f025f828d2695d887a5f
SHA1

711d58ccd89b762321150f0286171ed481da0662
SHA256

23f908fc31352858b9771969f92aae5e95841c882b9d3b54339fc92d182a48f7
SHA512

356b464285e3d11954e5cdbd123ef0f86af20e0cf053a7a0a1308a0de410e17db753af9341e893526eba17172829a9ae7f6260fbb94ae4a1f3d22ad29d4adaf0
SSDEEP

6144:m5t3lj4QL1MqqDL6svdlaqT30vzHF4Go0+Fs4:m59lzqn6QUqWrKGo06p

Score

10^/10

gandcrab

Malware Config

Signatures

GandCrab payload 1 IoCs

resource	yara_rule
sample	family_gandcrab

Gandcrab family
gandcrab

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-08_b6372c04d193f025f828d2695d887a5f_gandcrab_karagany

Files

2024-01-08_b6372c04d193f025f828d2695d887a5f_gandcrab_karagany
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 77KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ