General
-
Target
fb7a9c1ef9b0b7e8316eae65c17bca170cf249709cb8d8855fd22a0b73281970
-
Size
2.5MB
-
Sample
240330-c9y4ssgc23
-
MD5
aca74bc20ebfb298fc29f0a61de4a73f
-
SHA1
cef70208c5c687a90bc043c7ce1947d6bac03ee9
-
SHA256
fb7a9c1ef9b0b7e8316eae65c17bca170cf249709cb8d8855fd22a0b73281970
-
SHA512
4241c4c9a6540e1a414783be1a9a2d3a602e4f161a761155232b5f5e265fcfb26cee8c3718a7d1589ed3581b7cfbc6e5a4116bc0ef237d875beee55cafe59b84
-
SSDEEP
49152:dKjMkd5MbJTarRi28O9iCgXTG3j9criID8sBKRqW5RSv6T5WaHtbJaew:fo5MbxaruO0CgUj98iI8mBWjSSTcstbq
Static task
static1
Behavioral task
behavioral1
Sample
fb7a9c1ef9b0b7e8316eae65c17bca170cf249709cb8d8855fd22a0b73281970.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
fb7a9c1ef9b0b7e8316eae65c17bca170cf249709cb8d8855fd22a0b73281970.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
Target
fb7a9c1ef9b0b7e8316eae65c17bca170cf249709cb8d8855fd22a0b73281970
Score
10/10
-
GandCrab payload
-
Detects Reflective DLL injection artifacts
-
Detects ransomware indicator
-
Gandcrab Payload
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-