General

  • Target

    2024-02-25_a7088d8b8d199322e9a73c92558ef23b_karagany_mafia

  • Size

    308KB

  • Sample

    240225-gl2x1adc24

  • MD5

    a7088d8b8d199322e9a73c92558ef23b

  • SHA1

    4ed1878f6595fed4ac49ea7934094ebac1e1e429

  • SHA256

    67bf9bd417410af9d937736d581fc49029371188350a94847a48dc7de710a763

  • SHA512

    103d78678dfddc00718132a48d8951421a67c83c4f8023119688c07e1a798ec583e54c84cfe495fc303cf87685568c91987372e7f8ef418640ab7bd465566f1e

  • SSDEEP

    6144:1zL7ShWDLVzVNam6GxI29dqG3KdYAYqTuPZp:rDHNam62ZdKmZmuPH

Targets

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects Reflective DLL injection artifacts

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
