Behavioral task
behavioral1
Sample
2024-01-23_9556e280bd6eaeb3663077c1f792cc07_gandcrab_karagany.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
2024-01-23_9556e280bd6eaeb3663077c1f792cc07_gandcrab_karagany.exe
Resource
win10v2004-20231222-en
General
-
Target
2024-01-23_9556e280bd6eaeb3663077c1f792cc07_gandcrab_karagany
-
Size
272KB
-
MD5
9556e280bd6eaeb3663077c1f792cc07
-
SHA1
e61c602138a879c22470a4a60520e24000e5c493
-
SHA256
be2e67c13cce24cdc944f13341a56259e452d906602c485f15981f8d4a6eb92b
-
SHA512
2e16e422d1721d7a4d78742429bf25a073101d03f2ac595a5447095ea342d75dc0a9fcb533ee6fff7c6b6166248c02c9cb890057e687e92f808dc8bf1422e37f
-
SSDEEP
3072:l5K/B0toLOSNJSlZHQsozTS+SMqqDL2/TrKxJUGrBuj00nReaXkuSQ7cdOd:lcytwb+1yTS+xqqDL6HKDxrUDOI
Malware Config
Signatures
-
Detects Reflective DLL injection artifacts 1 IoCs
resource yara_rule sample INDICATOR_SUSPICIOUS_ReflectiveLoader -
Detects ransomware indicator 1 IoCs
resource yara_rule sample SUSP_RANSOMWARE_Indicator_Jul20 -
GandCrab payload 1 IoCs
resource yara_rule sample family_gandcrab -
Gandcrab Payload 1 IoCs
resource yara_rule sample Gandcrab -
Gandcrab family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-01-23_9556e280bd6eaeb3663077c1f792cc07_gandcrab_karagany
Files
-
2024-01-23_9556e280bd6eaeb3663077c1f792cc07_gandcrab_karagany.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 81KB - Virtual size: 88KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ