General
-
Target
2024-02-21_d7e85fb1c06bc162bc36dca6930dac03_gandcrab
-
Size
147KB
-
Sample
240221-s6gncaah23
-
MD5
d7e85fb1c06bc162bc36dca6930dac03
-
SHA1
dfd175c697917d602ed4c0607c823d67de589d8e
-
SHA256
a42987bd6a481a6e35e060ff2cbd909b4270b98527a8f2b503e62875b3d381d9
-
SHA512
0471acc873c1b5af89d1eb4cc30070cef63a3368a447a97c1b855ff3d4d6e9f3a0a80616e2720fcd8e38e4cc5d4c8585ef98d853c8b4d6effa79a70b9dc66165
-
SSDEEP
3072:rBounVyFHFMqqDL2/LgHkc2U6FiPZ8aewZ2ql5f2J9lj:rqxHmqqDL6EHl2U6CbeOl5f2Fj
Malware Config
Targets
-
-
Target
2024-02-21_d7e85fb1c06bc162bc36dca6930dac03_gandcrab
-
Size
147KB
-
MD5
d7e85fb1c06bc162bc36dca6930dac03
-
SHA1
dfd175c697917d602ed4c0607c823d67de589d8e
-
SHA256
a42987bd6a481a6e35e060ff2cbd909b4270b98527a8f2b503e62875b3d381d9
-
SHA512
0471acc873c1b5af89d1eb4cc30070cef63a3368a447a97c1b855ff3d4d6e9f3a0a80616e2720fcd8e38e4cc5d4c8585ef98d853c8b4d6effa79a70b9dc66165
-
SSDEEP
3072:rBounVyFHFMqqDL2/LgHkc2U6FiPZ8aewZ2ql5f2J9lj:rqxHmqqDL6EHl2U6CbeOl5f2Fj
Score10/10-
GandCrab payload
-
Gandcrab
Gandcrab is a Trojan horse that encrypts files on a computer.
-
Detects Reflective DLL injection artifacts
-
Detects ransomware indicator
-
Gandcrab Payload
-
UPX dump on OEP (original entry point)
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-