General
-
Target
2024-02-19_77090dc3a95b954858381ff3bd62508c_gandcrab
-
Size
147KB
-
Sample
240219-t5zm7sgh63
-
MD5
77090dc3a95b954858381ff3bd62508c
-
SHA1
7bf5e13b9711b7ff9c927c0ae5973682adcc51e4
-
SHA256
fee47589df24671136834e635efe103ca7e5ee464f6449cdc6309b22ceb69294
-
SHA512
c669da46686c5e1da65b53ce3d96e9ff5e37920a43f071ce69ca42223d860d955f1eaf6f9b2d98a8e9cbe26d7f1c87f283cfed8c42039aa4b41f7a4a96c48059
-
SSDEEP
3072:ABounVyFHFMqqDL2/LgHkc2U6FiPZ8aewZ2ql5f2J9lj:AqxHmqqDL6EHl2U6CbeOl5f2Fj
Malware Config
Targets
-
-
Target
2024-02-19_77090dc3a95b954858381ff3bd62508c_gandcrab
-
Size
147KB
-
MD5
77090dc3a95b954858381ff3bd62508c
-
SHA1
7bf5e13b9711b7ff9c927c0ae5973682adcc51e4
-
SHA256
fee47589df24671136834e635efe103ca7e5ee464f6449cdc6309b22ceb69294
-
SHA512
c669da46686c5e1da65b53ce3d96e9ff5e37920a43f071ce69ca42223d860d955f1eaf6f9b2d98a8e9cbe26d7f1c87f283cfed8c42039aa4b41f7a4a96c48059
-
SSDEEP
3072:ABounVyFHFMqqDL2/LgHkc2U6FiPZ8aewZ2ql5f2J9lj:AqxHmqqDL6EHl2U6CbeOl5f2Fj
Score10/10-
GandCrab payload
-
Gandcrab
Gandcrab is a Trojan horse that encrypts files on a computer.
-
Detects Reflective DLL injection artifacts
-
Detects ransomware indicator
-
Gandcrab Payload
-
UPX dump on OEP (original entry point)
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-