General
-
Target
2024-03-26_dcdd81058756864f19eb7cf4658f2382_gandcrab
-
Size
147KB
-
Sample
240326-waqsxsfh53
-
MD5
dcdd81058756864f19eb7cf4658f2382
-
SHA1
14da85f455c0a433819befa8ee5cbe584caa3691
-
SHA256
030ae2c2726eaf142e2c4d02eb87ddd3d84fcad9ef1db651fdc647afee98523a
-
SHA512
178e3fa19d4e96b7405c840f18626b6270be8e8b891b3ab77d54f2a029d73ab7b4a6391509884b2276bc7c451a475eb061029b96a9a4ec5df3fc141cd9e70a47
-
SSDEEP
3072:LBounVyFHFMqqDL2/LgHkc2U6FiPZ8aewZ2ql5f2J9lj:LqxHmqqDL6EHl2U6CbeOl5f2Fj
Malware Config
Targets
-
-
Target
2024-03-26_dcdd81058756864f19eb7cf4658f2382_gandcrab
-
Size
147KB
-
MD5
dcdd81058756864f19eb7cf4658f2382
-
SHA1
14da85f455c0a433819befa8ee5cbe584caa3691
-
SHA256
030ae2c2726eaf142e2c4d02eb87ddd3d84fcad9ef1db651fdc647afee98523a
-
SHA512
178e3fa19d4e96b7405c840f18626b6270be8e8b891b3ab77d54f2a029d73ab7b4a6391509884b2276bc7c451a475eb061029b96a9a4ec5df3fc141cd9e70a47
-
SSDEEP
3072:LBounVyFHFMqqDL2/LgHkc2U6FiPZ8aewZ2ql5f2J9lj:LqxHmqqDL6EHl2U6CbeOl5f2Fj
Score10/10-
GandCrab payload
-
Gandcrab
Gandcrab is a Trojan horse that encrypts files on a computer.
-
Detects Reflective DLL injection artifacts
-
Detects ransomware indicator
-
Gandcrab Payload
-
UPX dump on OEP (original entry point)
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-