_ReflectiveLoader@0
Behavioral task
behavioral1
Sample
2024-02-13_9d386c2808faa94b04a1a5f1b7813228_gandcrab.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
2024-02-13_9d386c2808faa94b04a1a5f1b7813228_gandcrab.exe
Resource
win10v2004-20231222-en
General
-
Target
2024-02-13_9d386c2808faa94b04a1a5f1b7813228_gandcrab
-
Size
97KB
-
MD5
9d386c2808faa94b04a1a5f1b7813228
-
SHA1
9254dc84a5a35fefab9bdd74e670fced2d344df8
-
SHA256
8cfd9715406cd8409786876c269fe120d9092777a7b52debf572b93e86ffd72d
-
SHA512
39063306a3ed67023948a82299f9dda1fa1aa797b3f252cf19089620c0de841d9505ed4234b76986203a7227d50da5a79055e94f1a327dfcde95e16552a2dddc
-
SSDEEP
1536:wZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAEMqqU+2bbbAV2/S2LNmHkD:eBounVyFHFMqqDL2/LgHkc2
Malware Config
Signatures
-
Detects Reflective DLL injection artifacts 1 IoCs
resource yara_rule sample INDICATOR_SUSPICIOUS_ReflectiveLoader -
Detects ransomware indicator 1 IoCs
resource yara_rule sample SUSP_RANSOMWARE_Indicator_Jul20 -
GandCrab payload 1 IoCs
resource yara_rule sample family_gandcrab -
Gandcrab Payload 1 IoCs
resource yara_rule sample Gandcrab -
Gandcrab family
-
UPX dump on OEP (original entry point) 1 IoCs
resource yara_rule sample UPX -
resource yara_rule sample upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-02-13_9d386c2808faa94b04a1a5f1b7813228_gandcrab
Files
-
2024-02-13_9d386c2808faa94b04a1a5f1b7813228_gandcrab.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Exports
Exports
Sections
UPX0 Size: 62KB - Virtual size: 64KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.imports Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE