Overview

overview

10

Static

static

3

2024-04-08...ia.exe

windows7-x64

10

2024-04-08...ia.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-04-08_87c3be9e584b736622694cea5ff007cd_karagany_mafia

  • Size

    425KB

  • Sample

    240408-t4jkladh95

  • MD5

    87c3be9e584b736622694cea5ff007cd

  • SHA1

    36c5a6a4a652925a578388764e28151067ccdfe8

  • SHA256

    69bd96fa4a2b455cb23e32d49d980d62e26e8818b296aa8ec08a302d48605cce

  • SHA512

    577a5f257d1dd8ef411ca13f348bbd8111aaefb85d31169f0cb3be20e87ef5e4e4518b279461501f64d3bfb5ef84138a3e4f7c5e14e603ccd4c2e3084e64f5eb

  • SSDEEP

    6144:BV8WkJntg7zTULdAa7sumOVgibHVyKurXXgENi73LGrJ:B8ntm/U5a/tAArXXLNmKrJ

Score
10/10
gandcrabbackdoorpersistenceransomware

Malware Config

Targets

    • Target

      2024-04-08_87c3be9e584b736622694cea5ff007cd_karagany_mafia

    • Size

      425KB

    • MD5

      87c3be9e584b736622694cea5ff007cd

    • SHA1

      36c5a6a4a652925a578388764e28151067ccdfe8

    • SHA256

      69bd96fa4a2b455cb23e32d49d980d62e26e8818b296aa8ec08a302d48605cce

    • SHA512

      577a5f257d1dd8ef411ca13f348bbd8111aaefb85d31169f0cb3be20e87ef5e4e4518b279461501f64d3bfb5ef84138a3e4f7c5e14e603ccd4c2e3084e64f5eb

    • SSDEEP

      6144:BV8WkJntg7zTULdAa7sumOVgibHVyKurXXgENi73LGrJ:B8ntm/U5a/tAArXXLNmKrJ

    Score
    10/10
    gandcrabbackdoorpersistenceransomware

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

      ransomwarebackdoorgandcrab

    • Detects Reflective DLL injection artifacts

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks