General

  • Target

    2024-02-21_78e8893b5aa7d66eb0f75003f0399151_mafia

  • Size

    325KB

  • Sample

    240221-vaz6xsbd3w

  • MD5

    78e8893b5aa7d66eb0f75003f0399151

  • SHA1

    3b92cd7ebe9fc4838fa4aaf20b60ae16fb0f59f7

  • SHA256

    cdc5ac7f47925152cb3519f23bdf6246a10d911e7faae7fffdeea7240ce2c0b5

  • SHA512

    fb485cce090c1772f8b7c01f9f878724a97e98a06f6e931e858070e02c6a7092cb2222c5b8840ab3b22f0d3339b0322a4b3da937d2984a3e1cfa83e218f04f28

  • SSDEEP

    6144:95OGTnncBQmBCjTlOgLA3tjp7OEyXk0Lk3dgvXr:fBTwrBCjTcgLA33aEyUak3dgvb

Targets

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects Reflective DLL injection artifacts

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
