General

  • Target

    2024-02-22_e83bac0a500e17dfba67bc89f6ca2912_mafia

  • Size

    325KB

  • Sample

    240222-mwztaaga4t

  • MD5

    e83bac0a500e17dfba67bc89f6ca2912

  • SHA1

    5635b10c3ea4ee475b8496a7562d18f28daf874b

  • SHA256

    b9917cd5a09cd24f3145e5b299aa4d99156478fc2ee2f171ad737b77cc10f4ac

  • SHA512

    2a81d8e4e0599b1dc369d82872b647d11c6a89b6c6244d7306beb2ab9447e9d33b1aa4444a2db126b90383b206ab9f39d83ae829d8440077b57e7ddeab99628d

  • SSDEEP

    6144:95OGTnncBQmBCjTlOgLA3tjp7OEyXk0Lk3dgvXr:fBTwrBCjTcgLA33aEyUak3dgvb

Targets

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects Reflective DLL injection artifacts

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
