Overview

overview

10

Static

static

3

2024-10-09...ia.exe

windows7-x64

10

2024-10-09...ia.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-10-09_ab09eba407544f4d4e690ea5f88cfeb1_karagany_mafia

  • Size

    250KB

  • Sample

    241009-rrjnqawhrk

  • MD5

    ab09eba407544f4d4e690ea5f88cfeb1

  • SHA1

    89da92f787eaaf2b33b0eb15a674288c3712c098

  • SHA256

    6e8a7a0b349f7e1f0eb615b1b213f7d1140a7789db8fab18fa6e4222efb12525

  • SHA512

    d502def7ac971e24e7ff4bc628925aacf6c563002ac1453919777dc9aa58a4e75e7ebab754dadb413359ae24da85aca3abcc37c8147e75fae4fb5aa216b5c637

  • SSDEEP

    3072:i/yK5d0Gj0+nY3uEBLvBNfdUR2/qFnB8o2+vU3WuvIBuj00nReaXkuSQ7cdOd3:i/y20Gj0r+EBFrkvlU3RvIUDOIN

Score
10/10
gandcrabbackdoordiscoverypersistenceransomware

Malware Config

Targets

    • Target

      2024-10-09_ab09eba407544f4d4e690ea5f88cfeb1_karagany_mafia

    • Size

      250KB

    • MD5

      ab09eba407544f4d4e690ea5f88cfeb1

    • SHA1

      89da92f787eaaf2b33b0eb15a674288c3712c098

    • SHA256

      6e8a7a0b349f7e1f0eb615b1b213f7d1140a7789db8fab18fa6e4222efb12525

    • SHA512

      d502def7ac971e24e7ff4bc628925aacf6c563002ac1453919777dc9aa58a4e75e7ebab754dadb413359ae24da85aca3abcc37c8147e75fae4fb5aa216b5c637

    • SSDEEP

      3072:i/yK5d0Gj0+nY3uEBLvBNfdUR2/qFnB8o2+vU3WuvIBuj00nReaXkuSQ7cdOd3:i/y20Gj0r+EBFrkvlU3RvIUDOIN

    Score
    10/10
    gandcrabbackdoordiscoverypersistenceransomware

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

      ransomwarebackdoorgandcrab

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks