Overview

overview

10

Static

static

10

2024-01-25...ab.exe

windows7-x64

6

2024-01-25...ab.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-01-25_9aa7dcd006b928e0773a236f1ed7b52d_gandcrab

  • Size

    88KB

  • Sample

    240125-s62zaaahcm

  • MD5

    9aa7dcd006b928e0773a236f1ed7b52d

  • SHA1

    34b528557393883a2b413851f6ff62f3f16a4823

  • SHA256

    7ad1acc9b843e920a5a574fbdc7ea2bf4cb9f503333f216642250c7c09851e65

  • SHA512

    6033c6a737c91295557ee236aeec9a6fb0a2713d714163f964e55dc9270d8f6d19209c3d4057aebceb107e569a1d944c2fae4d858f9f35622d4980f1b4cd3209

  • SSDEEP

    1536:drsWDX9pwpQUMqqU+2bbbAV2/S2mr3IdE8mne0Avu5r++yy7CA7GcIaapavdv:djDX9pwzMqqDL2/mr3IdE8we0Avu5r+g

Score
10/10
gandcrabkinsingloaderpersistence

Malware Config

Extracted

Family

gandcrab

C2

http://gdcbghvjyqy7jclk.onion.top/

Targets

    • Target

      2024-01-25_9aa7dcd006b928e0773a236f1ed7b52d_gandcrab

    • Size

      88KB

    • MD5

      9aa7dcd006b928e0773a236f1ed7b52d

    • SHA1

      34b528557393883a2b413851f6ff62f3f16a4823

    • SHA256

      7ad1acc9b843e920a5a574fbdc7ea2bf4cb9f503333f216642250c7c09851e65

    • SHA512

      6033c6a737c91295557ee236aeec9a6fb0a2713d714163f964e55dc9270d8f6d19209c3d4057aebceb107e569a1d944c2fae4d858f9f35622d4980f1b4cd3209

    • SSDEEP

      1536:drsWDX9pwpQUMqqU+2bbbAV2/S2mr3IdE8mne0Avu5r++yy7CA7GcIaapavdv:djDX9pwzMqqDL2/mr3IdE8we0Avu5r+g

    Score
    10/10
    persistencekinsingloader

    • Kinsing

      Kinsing is a loader written in Golang.

      loaderkinsing

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks