General

  • Target

    2024-02-19_a6de8fc85284c24dfc9c35843ae5c530_karagany_mafia

  • Size

    250KB

  • Sample

    240219-jvdmwaba6w

  • MD5

    a6de8fc85284c24dfc9c35843ae5c530

  • SHA1

    00b77a313a3c7839421f1ae9dfd7e30848aaf9a1

  • SHA256

    f32eb39424a8ed0d964e7408131e880ffe91722443895c999219125029e373eb

  • SHA512

    c13a8b0de114538bb05c1a5cb027d34381297e01236587b6632ac39e36d04d8b6badeda4eeeb3381a7d20592d65320cd2f6da51589253679164e77bb04695625

  • SSDEEP

    6144:y+YrOIBjaklexBgiJ8sTSIkIpxIp8mDtfPBRwasxXq:uOCjaklYgVIpxIhDtR

Targets

    • Target

      2024-02-19_a6de8fc85284c24dfc9c35843ae5c530_karagany_mafia

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects Reflective DLL injection artifacts

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
