General

  • Target

    2024-06-14_fd98c6e878e5ed41966bc7e43f317a53_gandcrab

  • Size

    99KB

  • MD5

    fd98c6e878e5ed41966bc7e43f317a53

  • SHA1

    5d9aa4aaf20758bdacf75ee32b0251e2efda281c

  • SHA256

    301f9cee440792c36a79f81e080c77bcbd248fb29d81ec08a72914001a3f310b

  • SHA512

    04c8f27b5cacb6e549c55603f481d9a4e4a674a07de976152d6d6d9b0b9ec555138650b564b93e855bf8128e0f7a56fc1ba8374f0683be3c32a9bd1f5fd1c202

  • SSDEEP

    3072:MMSjOnrmBIMqqDL2/mr3IdE8we0Avu5r++ygLIaaypQ8CrS6:MXjOnr6jqqDL6aprYS6

Score

10/10

Malware Config

Extracted

Family

gandcrab

C2

http://gdcbghvjyqy7jclk.onion.top/

Signatures

  • Detects ransomware indicator 1 IoCs
  • GandCrab payload 1 IoCs
  • Gandcrab Payload 1 IoCs
  • Gandcrab family
  • UPX dump on OEP (original entry point) 1 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2024-06-14_fd98c6e878e5ed41966bc7e43f317a53_gandcrab
    .exe windows:5 windows x86 arch:x86

    Headers

    Sections