General

  • Target

    2024-03-28_8d8bab16f12718d8da1d8532122420b9_mafia

  • Size

    300KB

  • Sample

    240328-1m8lqahd6v

  • MD5

    8d8bab16f12718d8da1d8532122420b9

  • SHA1

    c2285ce19a0fe37bbc6e274eb199d32e40afabff

  • SHA256

    aecf281eed8497421a33d5c18fc7980069de384d71de0493be9fd20921221879

  • SHA512

    91cf899dfafb7ded1f81a9b9000c46194ceef7ba30baaf88736257532298fdcff9ee256a631f9c442f56999b16473888835874c9c05539761f1bf39064ed73e0

  • SSDEEP

    6144:gvEANMO1UnseVgkV0xwvfxnhLTiusLe1740B:PuM0Unsna5mut40B

Malware Config

Targets

    • Target

      2024-03-28_8d8bab16f12718d8da1d8532122420b9_mafia

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects Reflective DLL injection artifacts

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix ATT&CK v13

Persistence

  • Boot or Logon Autostart Execution (T1547): 1

  • Registry Run Keys / Startup Folder (T1547.001): 1

Privilege Escalation

  • Boot or Logon Autostart Execution (T1547): 1

  • Registry Run Keys / Startup Folder (T1547.001): 1

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 2

  • Peripheral Device Discovery (T1120): 1

  • System Information Discovery (T1082): 2

Tasks