Behavioral task
behavioral1
Sample
2024-01-23_0a079e64d4ff7a87128449150c8716c1_gandcrab_karagany.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
2024-01-23_0a079e64d4ff7a87128449150c8716c1_gandcrab_karagany.exe
Resource
win10v2004-20231215-en
General
-
Target
2024-01-23_0a079e64d4ff7a87128449150c8716c1_gandcrab_karagany
-
Size
6.3MB
-
MD5
0a079e64d4ff7a87128449150c8716c1
-
SHA1
e7fd0026fb51830da45414d5b8c45fa4043dbe0d
-
SHA256
94ddba52c1b4989a1a68bf04debf8ccf883bce5590c2c0e9ffe50ddbe9ad2308
-
SHA512
beffe52e8e946b713b10d51606e293747c9e6e81b88afbdc522e4670a91f854eb92b0c95249d2ecfaed1c7b5768b62c48ab29be17b04953721e779b582e01ef9
-
SSDEEP
6144:O9iQ5A0C9WruiM7qqDL6avdjO3bkSbs3tSAmuLBi6Yt84fMjxtu:O9iQ56Iqn6mjO34SIO6Yt84fMdk
Malware Config
Signatures
-
Detects Reflective DLL injection artifacts 1 IoCs
resource yara_rule sample INDICATOR_SUSPICIOUS_ReflectiveLoader -
GandCrab payload 1 IoCs
resource yara_rule sample family_gandcrab -
Gandcrab Payload 1 IoCs
resource yara_rule sample Gandcrab -
Gandcrab family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-01-23_0a079e64d4ff7a87128449150c8716c1_gandcrab_karagany
Files
-
2024-01-23_0a079e64d4ff7a87128449150c8716c1_gandcrab_karagany.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 78KB - Virtual size: 85KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ