General

  • Target

    2024-03-13_3922dbeb90b842a7f55959b171047597_karagany_mafia

  • Size

    308KB

  • Sample

    240313-y9zafsfg9x

  • MD5

    3922dbeb90b842a7f55959b171047597

  • SHA1

    e674effcbd21a0a26842bd07b67196f9f5ff90f8

  • SHA256

    6831771a2c041567dea81a166538a50d4a5d1341339a342ed4537dfbfc652699

  • SHA512

    2682aabf50cfe1080c51e38653a772b926dae2956833a7da6edbf5fe4b63656096214f0fbe139a2a6c2c3bcfd56cfaa181d4e40f29a10916c088c2ed66068600

  • SSDEEP

    6144:JzL7ShWDLVzVNam6GxI29dqG3KdYAYqTuPZp:XDHNam62ZdKmZmuPH

Targets

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects Reflective DLL injection artifacts

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
