Overview

overview

10

Static

static

3

2024-03-29...ia.exe

windows7-x64

10

2024-03-29...ia.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-03-29_d0cc74d54a208073ff298ba147171b15_karagany_mafia

  • Size

    308KB

  • Sample

    240329-1q7tlaaf71

  • MD5

    d0cc74d54a208073ff298ba147171b15

  • SHA1

    74dd060d842852b34d8bef833967b98a064bfce7

  • SHA256

    cfec01a5f4fc8c4fe47ca844630b45008993867c8dc831c8647e6dbbdea29ca1

  • SHA512

    94d95ebf06c3674fd1983ac4f7ae7d55363dc1182db5699fc31fc2f06ab87b1c23d184bf8718ee0f43f790a009edeb228346546db81ba5a5f86795553e2bad39

  • SSDEEP

    6144:kZ5fh1s4mex2OO8bAiZ0YDChe8UN5alW6jx+n:w5frs4f2OOm/Ao8UNglGn

Score
10/10
gandcrabbackdoorpersistenceransomware

Malware Config

Targets

    • Target

      2024-03-29_d0cc74d54a208073ff298ba147171b15_karagany_mafia

    • Size

      308KB

    • MD5

      d0cc74d54a208073ff298ba147171b15

    • SHA1

      74dd060d842852b34d8bef833967b98a064bfce7

    • SHA256

      cfec01a5f4fc8c4fe47ca844630b45008993867c8dc831c8647e6dbbdea29ca1

    • SHA512

      94d95ebf06c3674fd1983ac4f7ae7d55363dc1182db5699fc31fc2f06ab87b1c23d184bf8718ee0f43f790a009edeb228346546db81ba5a5f86795553e2bad39

    • SSDEEP

      6144:kZ5fh1s4mex2OO8bAiZ0YDChe8UN5alW6jx+n:w5frs4f2OOm/Ao8UNglGn

    Score
    10/10
    gandcrabbackdoorpersistenceransomware

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

      ransomwarebackdoorgandcrab

    • Detects Reflective DLL injection artifacts

    • Detects ransomware indicator

    • Gandcrab Payload

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks