Overview

overview

10

Static

static

3

2024-04-08...ia.exe

windows7-x64

10

2024-04-08...ia.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-04-08_111cfeb515916e652061e1b2960e3a54_karagany_mafia

  • Size

    308KB

  • Sample

    240408-rshstaef5y

  • MD5

    111cfeb515916e652061e1b2960e3a54

  • SHA1

    c9653b3b74274cf7c484c4d01bb5c327c3f64c1d

  • SHA256

    9c90c3d883105fc8ff6dc4b3b20e138485d69c183ef59b9d9f48022525593bca

  • SHA512

    d9cba1317cc1d7501dc67e764a655e3d90044aaa67bb09bb38a93f89e8de84af8c36cb151246f50eb25a4e4521ddff7783fa8384e5119307871bf6a0146b33b3

  • SSDEEP

    6144:9zL7ShWDLVzVNam6GxI29dqG3KdYAYqTuPZp:zDHNam62ZdKmZmuPH

Score
10/10
gandcrabbackdoorpersistenceransomware

Malware Config

Targets

    • Target

      2024-04-08_111cfeb515916e652061e1b2960e3a54_karagany_mafia

    • Size

      308KB

    • MD5

      111cfeb515916e652061e1b2960e3a54

    • SHA1

      c9653b3b74274cf7c484c4d01bb5c327c3f64c1d

    • SHA256

      9c90c3d883105fc8ff6dc4b3b20e138485d69c183ef59b9d9f48022525593bca

    • SHA512

      d9cba1317cc1d7501dc67e764a655e3d90044aaa67bb09bb38a93f89e8de84af8c36cb151246f50eb25a4e4521ddff7783fa8384e5119307871bf6a0146b33b3

    • SSDEEP

      6144:9zL7ShWDLVzVNam6GxI29dqG3KdYAYqTuPZp:zDHNam62ZdKmZmuPH

    Score
    10/10
    gandcrabbackdoorpersistenceransomware

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

      ransomwarebackdoorgandcrab

    • Detects Reflective DLL injection artifacts

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks