gandcrab | 2934f2415bd25a562d6185c49588e559b4fa6862ee6bb4d8bd04ad3a9937c545 | Triage

Submit
Reports

Overview

overview

Static

static

2024-01-25...ab.exe

windows7-x64

2024-01-25...ab.exe

windows10-2004-x64

Sharing

General

Target

2024-01-25_b9cdd427a4f6b44e19cfdf85fbdf5820_gandcrab
Size

147KB
Sample

240125-s8lebaaac7
MD5

b9cdd427a4f6b44e19cfdf85fbdf5820
SHA1

1dbedf3118e87c1a77de8aa807b51e5d2c3e938e
SHA256

2934f2415bd25a562d6185c49588e559b4fa6862ee6bb4d8bd04ad3a9937c545
SHA512

9e6939868024373db20557bb95f29500159ef25519f35e66688cfb474e9fd1533d8fa0178f21b287ec77e6bbacc31f06fde3219bda51659e9b035b5bc39c92a9
SSDEEP

3072:xBounVyFHFMqqDL2/LgHkc2U6FiPZ8aewZ2ql5f2J9lj:xqxHmqqDL6EHl2U6CbeOl5f2Fj

Score

10^/10

gandcrab kinsing backdoor loader persistence ransomware upx

Static task

static1

8 signatures

Behavioral task

behavioral1

Sample

2024-01-25_b9cdd427a4f6b44e19cfdf85fbdf5820_gandcrab.exe

Resource

win7-20231215-en

gandcrab backdoor persistence ransomware upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-01-25_b9cdd427a4f6b44e19cfdf85fbdf5820_gandcrab.exe

Resource

win10v2004-20231215-en

gandcrab kinsing backdoor loader persistence ransomware upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-01-25_b9cdd427a4f6b44e19cfdf85fbdf5820_gandcrab
- Size
  
  147KB
- MD5
  
  b9cdd427a4f6b44e19cfdf85fbdf5820
- SHA1
  
  1dbedf3118e87c1a77de8aa807b51e5d2c3e938e
- SHA256
  
  2934f2415bd25a562d6185c49588e559b4fa6862ee6bb4d8bd04ad3a9937c545
- SHA512
  
  9e6939868024373db20557bb95f29500159ef25519f35e66688cfb474e9fd1533d8fa0178f21b287ec77e6bbacc31f06fde3219bda51659e9b035b5bc39c92a9
- SSDEEP
  
  3072:xBounVyFHFMqqDL2/LgHkc2U6FiPZ8aewZ2ql5f2J9lj:xqxHmqqDL6EHl2U6CbeOl5f2Fj
Score

10^/10

gandcrab backdoor persistence ransomware upx kinsing loader
- GandCrab payload
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Detects Reflective DLL injection artifacts
- Detects ransomware indicator
- Gandcrab Payload
- UPX dump on OEP (original entry point)
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gandcrabbackdoorpersistenceransomwareupx

behavioral2

gandcrabkinsingbackdoorloaderpersistenceransomwareupx

© 2018-2024

Terms | Privacy