General
Target: 2024-06-15_d4db544fa0949e4cc2e0f95fd3682195_gandcrab
Size: 109KB
Sample: 240615-qjnr2awbkr
MD5: d4db544fa0949e4cc2e0f95fd3682195
SHA1: 6970bc317c02145c3a094b8f8f7992327f4ead73
SHA256: 6b13ad5a77aad12170346f53236c947e0de40ae8f22dd506b65f57c7d0b30eda
SHA512: ae267d952e0b7dd0daf261c551c0f9feb4785e64e935753e0f628e7873486d8efc21c989c161a8dcc7adc9c081bfa094f533708d8004c68d17007f113de2e7b1
SSDEEP: 3072:mMSjOnrmBIMqqDL2/mr3IdE8we0Avu5r++ygLIaaypQ8CrS6C:mXjOnr6jqqDL6aprYS6C
Behavioral task: behavioral1
Sample: 2024-06-15_d4db544fa0949e4cc2e0f95fd3682195_gandcrab.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 2024-06-15_d4db544fa0949e4cc2e0f95fd3682195_gandcrab.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted family: gandcrab
Extracted URL: http://gdcbghvjyqy7jclk.onion.top/
Targets
Score: 10/10
Signatures:
- GandCrab payload
- Detects ransomware indicator
- Gandcrab Payload
- UPX dump on OEP (original entry point)
- Adds Run key to start application
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.