gandcrab | 2024-01-28_191dda64e910d3e943ee87c1866367a7_gandcrab_ganelp

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-28_191dda64e910d3e943ee87c1866367a7_gandcrab_ganelp
Size

2.0MB
MD5

191dda64e910d3e943ee87c1866367a7
SHA1

c6562711d8da2dbdee22d98dc5d80f294d1014b0
SHA256

2b629c75f133582a187ba2a075ef3100b30f5eb0d361f85cd16f8567c0ebe7d1
SHA512

c5ef98ab3d841cb2aa124213913856abffa8262f2a3f62388e1451eaf5dface8ce66fd129a7c0b7ee2b570a14cf123bfbfcdbd9880a179ee1e678673848b8660
SSDEEP

24576:1ae/y40+0wojVx2D0HG5f3+6c4JcOf52EIdvZWZ9hCyFI/mrwVf52EIdvZWZ9hpv:1r/B0N3f2kBiBmxY9hC/XBmxY9hpl75

Score

10^/10

aspackv2 gandcrab

Malware Config

Extracted

Family

gandcrab

http://gdcbghvjyqy7jclk.onion.top/

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Detects executables packed with ASPack 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_ASPack

GandCrab payload 1 IoCs

resource	yara_rule
sample	family_gandcrab

Gandcrab Payload 1 IoCs

resource	yara_rule
sample	Gandcrab

Gandcrab family
gandcrab

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
sample	aspack_v212_v242

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-28_191dda64e910d3e943ee87c1866367a7_gandcrab_ganelp

Files

2024-01-28_191dda64e910d3e943ee87c1866367a7_gandcrab_ganelp
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata51
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata5
Size: 144KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ggg8
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ggg7
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ggg6
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

.data Size: 1024B - Virtual size: 4KB

.rdata51 Size: 512B - Virtual size: 4KB

.rdata5 Size: 144KB - Virtual size: 252KB

.text Size: 2KB - Virtual size: 4KB

ggg8 Size: 512B - Virtual size: 4KB

ggg7 Size: 512B - Virtual size: 4KB

ggg6 Size: 512B - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 52KB

.reloc Size: 512B - Virtual size: 32KB

.aspack Size: 52KB - Virtual size: 52KB

.adata Size: - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 4KB

.rdata51
Size: 512B - Virtual size: 4KB

.rdata5
Size: 144KB - Virtual size: 252KB

.text
Size: 2KB - Virtual size: 4KB

ggg8
Size: 512B - Virtual size: 4KB

ggg7
Size: 512B - Virtual size: 4KB

ggg6
Size: 512B - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 52KB

.reloc
Size: 512B - Virtual size: 32KB

.aspack
Size: 52KB - Virtual size: 52KB

.adata
Size: - Virtual size: 4KB