gandcrab | 2024-09-03_82e5bebd466df639b9baf5ae2bc7cae2_gandcrab | Triage

Sharing

General

Target

2024-09-03_82e5bebd466df639b9baf5ae2bc7cae2_gandcrab
Size

97KB
MD5

82e5bebd466df639b9baf5ae2bc7cae2
SHA1

8fcf26a1cbd5cc733fe18d016cbebbd276ca0732
SHA256

494586c5a47101a61aa5f386e5fef5eb6c98c921543f3739602076ff85479bb0
SHA512

cf7d528d0dd271105133804a3f91fb0cfb94736ad15fc1fd4c904bdebf511ff8cdd21d5cd27ace41d03baaef3a1c7255a2f0df320a96e3ff4b128b97dddbe5fc
SSDEEP

1536:WZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAlMqqU+2bbbAV2/S2LNmHkf:wBounVyFHkMqqDL2/LgHkctc

Score

10^/10

upx gandcrab

Malware Config

Signatures

GandCrab payload 1 IoCs

resource	yara_rule
sample	family_gandcrab

Gandcrab family
gandcrab

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-03_82e5bebd466df639b9baf5ae2bc7cae2_gandcrab

Files

2024-09-03_82e5bebd466df639b9baf5ae2bc7cae2_gandcrab
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

_ReflectiveLoader@0

Sections

UPX0
Size: 62KB - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE