gandcrab

Sharing

Copy URL

Twitter E-mail

General

Target

malware-samples-master.zip
Size

50.8MB
Sample

240217-spywasgb3v
MD5

04ff5205025adf73e9ce2d5284a7c816
SHA1

4f92ea61f1535165724316b471903df8e3f1a3e4
SHA256

3b61757c276c9f823c8d49f5322338891335c6ea17649ba0b39e36237d5d399d
SHA512

6afe2e19df0d2efe7aef97096393f3e1ab05eeeac4117d0928c356034694b688efbc7d3568f7cc1093b5f4c4e2d22ed9d1dc333c2ecf44783b4bff9e77c0d836
SSDEEP

786432:V/CyJ98/pUEUjJprn7YTB/jddy/Dhrbe5uGYjd0AFOOho49+qjbXAyXyFzToRye3:VTW+jJpQdC1zG0+A0x49+QbAb/oNJ

Score

10^/10

Malware Config

Targets

- Target
  
  8200755cbedd6f15eecd8207eba534709a01957b172d7a051b9cc4769ddbf233.bin
- Size
  
  1.4MB
- MD5
  
  f2e1d236c5d2c009e1749fc6479a9ede
- SHA1
  
  262c22ffd66c33da641558f3da23f7584881a782
- SHA256
  
  8200755cbedd6f15eecd8207eba534709a01957b172d7a051b9cc4769ddbf233
- SHA512
  
  3b3174ac17e377028accf1ebfd6bd6ae97fc99c4e7814f8ad0fe707dc77d757f26d667333efb495a9b9768d49672737233c88d7a50b4dc81ad170f068ad95cc1
- SSDEEP
  
  24576:6EpKGrwKydag/jU7IZK8LNmf2+r+eauoUWg6ye2tX9t5WR4MJh:6nGrwKtg7U7I88Zi2/xxyeAt06a
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
- Stops running service(s)
  evasion
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1
- Target
  
  29c7e87350cb03428fc108b03856095b
- Size
  
  76KB
- MD5
  
  29c7e87350cb03428fc108b03856095b
- SHA1
  
  72980f194cbdc7c0d5944d4858b27e69a2fa0074
- SHA256
  
  a747fb581c02d1a30f5ed122be58541fd951aa8843e7ab8893755b65ee50ff27
- SHA512
  
  4849eb02b2bc19cfd85585f1a906d557f97b9bf5ecbb4d94c4e5d5c319d438748cf30fdb1f3d7ff13961c0507243e865be76dc3985ba80fa72e3f5c6ef3cefb0
- SSDEEP
  
  1536:pv+yNLcKJsJvmIfL8f8vvMHZYyUvBszRu4zLbNf1BnJNP7dcF:dTLHA5fL7vjyU5WBXNf1NjdY
Score

1^/10
behavioral2
- Target
  
  49cccd30a564410d1f9bbce89fa15890.bin
- Size
  
  49KB
- MD5
  
  49cccd30a564410d1f9bbce89fa15890
- SHA1
  
  cc1bfc5f395dcb3241058bec5c656045ee17c944
- SHA256
  
  2dc0f0286e2fadda2881a1dd767d065493af87c6528e563804fa39e8618bf447
- SHA512
  
  70a983b5b01227ec9d14cb852d9e5235883dc872420b55999e65f0633b599a106a04f7bc6f0c9ef091858ed334d410f4cdc903425cdedf614bb569a3e4f99398
- SSDEEP
  
  1536:iTdytmznUkJTbcBPQtXCUP5rKdQz4nBxP5lm:sdy0znnbpDlszC
Score

9^/10

discovery
- Contacts a large (4992) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral3
- Target
  
  b17911ddeab973db51362721c940d882
- Size
  
  76KB
- MD5
  
  b17911ddeab973db51362721c940d882
- SHA1
  
  9cc11b7f5eaef6dcbb09bf8af99c24a8292f6a0c
- SHA256
  
  1515cf2bace264bdecb76a9ac6691084ca5cd77d4d6715b96dc140dddb5c4f8b
- SHA512
  
  bac484f81ef2edf8900e0ffaf1547cef174b1f471a0e4d2d946a6e5ec2cd207693e42104d55e3ffdda0ce3c03374a9ca04e323bccebc688ddad4074d429802a4
- SSDEEP
  
  1536:nlPR0uxKlV528faprA64cJdDf/BOHvH2vXKNf1BnJNP7dcF:BRMM8fupdr/ONf1NjdY
Score

1^/10
behavioral4
- Target
  
  02ca4397da55b3175aaa1ad2c99981e792f66151.bin
- Size
  
  1.5MB
- MD5
  
  aba2d86ed17f587eb6d57e6c75f64f05
- SHA1
  
  aeccba64f4dd19033ac2226b4445faac05c88b76
- SHA256
  
  807126cbae47c03c99590d081b82d5761e0b9c57a92736fc8516cf41bc564a7d
- SHA512
  
  c3f276820d6b2872c98fa36c7b62f236f9f2650b344a243a30dcda9ca08726f6ce27c5c380b4256a1a7d8d4309e1f2f270f10bad18099a8c9e1835925ea51806
- SSDEEP
  
  24576:pWKqa4hnzP3w7L3rmZmpk7FSQFW2iJ+N07/TwYV1CdZdQ+4lT+iFgiGTtswAtdz:pSrwf3aZmpOFU2iQNIUc1LxGTtswgd
Score

1^/10
behavioral5
- Target
  
  022aeb126d2d80e683f7f2a3ee920874.bin
- Size
  
  64KB
- MD5
  
  022aeb126d2d80e683f7f2a3ee920874
- SHA1
  
  b71b6d9af65c6afc4af9d546a330c097aafe3592
- SHA256
  
  bdd816b9d85947b9bd7f2462d6b177dd6dadfe83723fd4dde4eded130177b218
- SHA512
  
  e0d818f432431b8b40b303d79526001adc7f71f86a565f2dacb459094f47f3ef1711da8c3cb34d13b2bd91b69542cb079f54af952ac2697778ee2b7c5d087de8
- SSDEEP
  
  768:2W8+9FisiTZdz4HLCLTRnVuwGiJTPpfl6dW6WsyqAgg8RCW+jl2WDMrL4:2sisiTuLCLTRVuwZp5l/lsyqFg8B+RP
Score

9^/10

discovery
- Contacts a large (133318) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral6
- Target
  
  smb-7teux2sm.exe
- Size
  
  56KB
- MD5
  
  f024ff4176f0036f97ebc95decfd1d5e
- SHA1
  
  010c623120a373b1a8e6d9339540e0cfe745b574
- SHA256
  
  7b2f8c43b4c92fb2add9fce264e92668dac2530493c51c5d6b45dcb764e208ed
- SHA512
  
  d52ddb217f3a6bbaa7bde6c9a268720bf7d055796dafa7687a06533507727a05ec45a0dc08d8b3e3149ddc53bb4f6c1cffce2ce71f80d05b49177a390995fd50
- SSDEEP
  
  768:1W8+9FisiTNdzkHLCLTXnNuSGgJTPpfl6XWIWsyqA2g8/8WIjl2QDMrL4:1sisiT2LCLT3NuSvp5llTsyqDg8NIRd
Score

9^/10

discovery
- Contacts a large (133502) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral7
- Target
  
  smb-onil0o36.bin
- Size
  
  64KB
- MD5
  
  1877eded2f4a8c06ab480faa42d81969
- SHA1
  
  848910b3a6fd70e3941a3f0499c73b99c2c79396
- SHA256
  
  e9068c65d9d42582ea3874bc0a388936dbbe4bc4fc89432db01c0995146c18d2
- SHA512
  
  605f2d78d5edc809ec201fa5f2096955bd8f7c6adf5b0a0241dce10cb4b89aecd65eed352705a71f191aae3f18d2b371b1a595d0f4ef4ba1c0da4893c25e81ea
- SSDEEP
  
  768:2W8+9FisiTZdz4HLCLTRnVuwGiJTPpfl6dW6WsyqAgg8RCW+jl2WDMrL4:2sisiTuLCLTRVuwZp5l/lsyqFg8B+RP
Score

9^/10

discovery
- Contacts a large (133202) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral8
- Target
  
  malware-samples-master/Ransomware/Grandcrab/grandcab.bin
- Size
  
  484KB
- MD5
  
  97a449fed7d800a8a635592605ff8a67
- SHA1
  
  2f339d8b2edb7c07126d9a3c37effe14966817c5
- SHA256
  
  233437b647f9482a8a3ba51d0af69039bb58fb48609704a39db1f709a0e6aca6
- SHA512
  
  85b4b260b801c54927f7b985d5f9fb891e44e5f72f9dcf9656684f8872339480ded94b4f3ba44d71fa491b88243f99155e3ecc7b3005fb5fbe24b1d10f47e4c3
- SSDEEP
  
  12288:hEm67VkaivvtYku9hoVw7G/znXoABEg6s0u1Tw:dEivv+bGuuznXONq10
Score

10^/10

gandcrab backdoor ransomware
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral9
- Target
  
  malware-samples-master/Ransomware/Petya/4c1dc737915d76b7ce579abddaba74ead6fdb5b519a1ea45308b8c49b950655c (1)
- Size
  
  788KB
- MD5
  
  a92f13f3a1b3b39833d3cc336301b713
- SHA1
  
  d1c62ac62e68875085b62fa651fb17d4d7313887
- SHA256
  
  4c1dc737915d76b7ce579abddaba74ead6fdb5b519a1ea45308b8c49b950655c
- SHA512
  
  361a5199b5a6321d88f6e7b66eaad3756b4ea7a706fa9dbbe3ffe29217f673d12dd1200e05f96c2175feffc6fecc7f09fda4dd6bfa0ce7bef3d9372f6a534920
- SSDEEP
  
  24576:z0wz1d5bAbWhrc56zQ9T4Ole+5PIuklOjB:Hd5Vhr4IMTbeGPJHjB
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral10
- Target
  
  malware-samples-master/mitre-attack/Emotet+Trickbot_comparison.xlsx
- Size
  
  14KB
- MD5
  
  248cd700a82449f4b0d107e6a934ae2b
- SHA1
  
  d1763d827d614ddd6f3ca046ec6d1cf880f4dc25
- SHA256
  
  6ff88255226a7f0de338e8383904a6fd8af5eb630c28ae6846b107de41fa22ef
- SHA512
  
  c5755cc015b3e6aa30ce1c87c05a7712fc7939f57d7d470025a50c8d280ad53d97701f34b85b8f9300652989720915ccac28a22925e73ea48455116f37c31746
- SSDEEP
  
  384:YlbZERmunyjfOOTXC6ACMYMx3pF5dBwDVfJZKTvazDpzQ:OdunyXXC6jzqTKVxZ7zDC
Score

1^/10
behavioral11