gandcrab | 240426-x2dhcaad62_pw_infected[.]zip | Triage

Sharing

General

Target

240426-x2dhcaad62_pw_infected.zip
Size

34KB
MD5

60ffa089286ac8581d3d94304ed3386f
SHA1

14b7c668be9ee476e66a12f9b84317e3656bc809
SHA256

d27d441fb8c116418aa3f59da7bb4e29e82db15a83d7d52c837de33d7abab421
SHA512

4dfc5031b108492cb01d985f2b00eb347fea126f66957a8868c5afb1cf800663ff1b53d2e2f2c26a9df9f70151a3c312fd0cc8c240df0a68d9dca4c6fd5e4442
SSDEEP

768:DuWofymDykCfmjYMEmoOGJHYjrQ0IuiPhdczrxx91lmOeEJg:iK+JBjYMBoT5+00tiPvcvb9qT

Score

10^/10

gandcrab

Malware Config

Signatures

GandCrab payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/00e7b0385d86046c8c210fbebb8e8eb8_JaffaCakes118	family_gandcrab

Gandcrab family
gandcrab

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/00e7b0385d86046c8c210fbebb8e8eb8_JaffaCakes118

Files

240426-x2dhcaad62_pw_infected.zip
.zip

Password: infected
00e7b0385d86046c8c210fbebb8e8eb8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

_ReflectiveLoader@0

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ