Overview

overview

10

Static

static

3

2024-10-11...ny.exe

windows7-x64

10

2024-10-11...ny.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-10-11_227e040ace0375196e52bbfeb0a2b362_bkransomware_karagany

  • Size

    732KB

  • Sample

    241011-rcxl2a1crk

  • MD5

    227e040ace0375196e52bbfeb0a2b362

  • SHA1

    72065affef61aacc5dd66062cd7594045afb63a7

  • SHA256

    3fba7485b8b5692a779d44e928aebd17997f7c1acb6f996c193afcb0d569a69f

  • SHA512

    05658d5430fc242ea3b112934c3729ec57daf42a7f5bf23b231a8a8293ac8b03e06b15aa483d2aaa7f0b8a3ff8c678f038de80fc7cc37b269fd0ef3e969e7ca5

  • SSDEEP

    6144:cBb/GhISjsUpwWx7ko0dvmfMaZaocS427zkXQj3805rSj15jBvp9HxawFH4yeK1a:cBLGO0oWp6ZmEOazhsyQt5r

Score
10/10
gandcrabbackdoordiscoverypersistenceransomware

Malware Config

Targets

    • Target

      2024-10-11_227e040ace0375196e52bbfeb0a2b362_bkransomware_karagany

    • Size

      732KB

    • MD5

      227e040ace0375196e52bbfeb0a2b362

    • SHA1

      72065affef61aacc5dd66062cd7594045afb63a7

    • SHA256

      3fba7485b8b5692a779d44e928aebd17997f7c1acb6f996c193afcb0d569a69f

    • SHA512

      05658d5430fc242ea3b112934c3729ec57daf42a7f5bf23b231a8a8293ac8b03e06b15aa483d2aaa7f0b8a3ff8c678f038de80fc7cc37b269fd0ef3e969e7ca5

    • SSDEEP

      6144:cBb/GhISjsUpwWx7ko0dvmfMaZaocS427zkXQj3805rSj15jBvp9HxawFH4yeK1a:cBLGO0oWp6ZmEOazhsyQt5r

    Score
    10/10
    gandcrabbackdoordiscoverypersistenceransomware

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

      ransomwarebackdoorgandcrab

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks