gandcrab

Sharing

Copy URL

Twitter E-mail

General

Target

funnies.zip
Size

50.6MB
Sample

241013-el419aybna
MD5

20af42858c3eeb2192424c0aaeac58a3
SHA1

4029823a2ef5c60715c72b19a9b612345b05c932
SHA256

22d3ebe3ce470c960afed3845fcd99284708aef6416e417b165a9f665b32a70a
SHA512

6c28e9d4de0ddc5cfefd006f7a6704fbf0611694d42a248760c96655a8eefc554151142aa1a5b37eb0f5f5e24ef3d0fd4d131415e0121c5971c3bdac981c8878
SSDEEP

786432:z/CyLk8/pUZg/JpsPYTBojsdyKDhYbe5u+sjTO+FOOho49+qjfX9gfm3MyNEhQUP:zTvd/JpRdKRz+4S+0x49+QP9Rlfe

Score

10^/10

Malware Config

Targets

- Target
  
  8200755cbedd6f15eecd8207eba534709a01957b172d7a051b9cc4769ddbf233.bin
- Size
  
  1.4MB
- MD5
  
  f2e1d236c5d2c009e1749fc6479a9ede
- SHA1
  
  262c22ffd66c33da641558f3da23f7584881a782
- SHA256
  
  8200755cbedd6f15eecd8207eba534709a01957b172d7a051b9cc4769ddbf233
- SHA512
  
  3b3174ac17e377028accf1ebfd6bd6ae97fc99c4e7814f8ad0fe707dc77d757f26d667333efb495a9b9768d49672737233c88d7a50b4dc81ad170f068ad95cc1
- SSDEEP
  
  24576:6EpKGrwKydag/jU7IZK8LNmf2+r+eauoUWg6ye2tX9t5WR4MJh:6nGrwKtg7U7I88Zi2/xxyeAt06a
Score

8^/10

discovery evasion execution persistence privilege_escalation
- Modifies Windows Firewall
  evasion
- Stops running service(s)
  evasion execution
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  29c7e87350cb03428fc108b03856095b
- Size
  
  76KB
- MD5
  
  29c7e87350cb03428fc108b03856095b
- SHA1
  
  72980f194cbdc7c0d5944d4858b27e69a2fa0074
- SHA256
  
  a747fb581c02d1a30f5ed122be58541fd951aa8843e7ab8893755b65ee50ff27
- SHA512
  
  4849eb02b2bc19cfd85585f1a906d557f97b9bf5ecbb4d94c4e5d5c319d438748cf30fdb1f3d7ff13961c0507243e865be76dc3985ba80fa72e3f5c6ef3cefb0
- SSDEEP
  
  1536:pv+yNLcKJsJvmIfL8f8vvMHZYyUvBszRu4zLbNf1BnJNP7dcF:dTLHA5fL7vjyU5WBXNf1NjdY
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  49cccd30a564410d1f9bbce89fa15890.bin
- Size
  
  49KB
- MD5
  
  49cccd30a564410d1f9bbce89fa15890
- SHA1
  
  cc1bfc5f395dcb3241058bec5c656045ee17c944
- SHA256
  
  2dc0f0286e2fadda2881a1dd767d065493af87c6528e563804fa39e8618bf447
- SHA512
  
  70a983b5b01227ec9d14cb852d9e5235883dc872420b55999e65f0633b599a106a04f7bc6f0c9ef091858ed334d410f4cdc903425cdedf614bb569a3e4f99398
- SSDEEP
  
  1536:iTdytmznUkJTbcBPQtXCUP5rKdQz4nBxP5lm:sdy0znnbpDlszC
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  b17911ddeab973db51362721c940d882
- Size
  
  76KB
- MD5
  
  b17911ddeab973db51362721c940d882
- SHA1
  
  9cc11b7f5eaef6dcbb09bf8af99c24a8292f6a0c
- SHA256
  
  1515cf2bace264bdecb76a9ac6691084ca5cd77d4d6715b96dc140dddb5c4f8b
- SHA512
  
  bac484f81ef2edf8900e0ffaf1547cef174b1f471a0e4d2d946a6e5ec2cd207693e42104d55e3ffdda0ce3c03374a9ca04e323bccebc688ddad4074d429802a4
- SSDEEP
  
  1536:nlPR0uxKlV528faprA64cJdDf/BOHvH2vXKNf1BnJNP7dcF:BRMM8fupdr/ONf1NjdY
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  02ca4397da55b3175aaa1ad2c99981e792f66151.bin
- Size
  
  1.5MB
- MD5
  
  aba2d86ed17f587eb6d57e6c75f64f05
- SHA1
  
  aeccba64f4dd19033ac2226b4445faac05c88b76
- SHA256
  
  807126cbae47c03c99590d081b82d5761e0b9c57a92736fc8516cf41bc564a7d
- SHA512
  
  c3f276820d6b2872c98fa36c7b62f236f9f2650b344a243a30dcda9ca08726f6ce27c5c380b4256a1a7d8d4309e1f2f270f10bad18099a8c9e1835925ea51806
- SSDEEP
  
  24576:pWKqa4hnzP3w7L3rmZmpk7FSQFW2iJ+N07/TwYV1CdZdQ+4lT+iFgiGTtswAtdz:pSrwf3aZmpOFU2iQNIUc1LxGTtswgd
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  022aeb126d2d80e683f7f2a3ee920874.bin
- Size
  
  64KB
- MD5
  
  022aeb126d2d80e683f7f2a3ee920874
- SHA1
  
  b71b6d9af65c6afc4af9d546a330c097aafe3592
- SHA256
  
  bdd816b9d85947b9bd7f2462d6b177dd6dadfe83723fd4dde4eded130177b218
- SHA512
  
  e0d818f432431b8b40b303d79526001adc7f71f86a565f2dacb459094f47f3ef1711da8c3cb34d13b2bd91b69542cb079f54af952ac2697778ee2b7c5d087de8
- SSDEEP
  
  768:2W8+9FisiTZdz4HLCLTRnVuwGiJTPpfl6dW6WsyqAgg8RCW+jl2WDMrL4:2sisiTuLCLTRVuwZp5l/lsyqFg8B+RP
Score

9^/10

discovery
- Contacts a large (10793) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral11 behavioral12
- Target
  
  smb-7teux2sm.exe
- Size
  
  56KB
- MD5
  
  f024ff4176f0036f97ebc95decfd1d5e
- SHA1
  
  010c623120a373b1a8e6d9339540e0cfe745b574
- SHA256
  
  7b2f8c43b4c92fb2add9fce264e92668dac2530493c51c5d6b45dcb764e208ed
- SHA512
  
  d52ddb217f3a6bbaa7bde6c9a268720bf7d055796dafa7687a06533507727a05ec45a0dc08d8b3e3149ddc53bb4f6c1cffce2ce71f80d05b49177a390995fd50
- SSDEEP
  
  768:1W8+9FisiTNdzkHLCLTXnNuSGgJTPpfl6XWIWsyqA2g8/8WIjl2QDMrL4:1sisiT2LCLT3NuSvp5llTsyqDg8NIRd
Score

9^/10

discovery
- Contacts a large (11426) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral13 behavioral14
- Target
  
  smb-onil0o36.bin
- Size
  
  64KB
- MD5
  
  1877eded2f4a8c06ab480faa42d81969
- SHA1
  
  848910b3a6fd70e3941a3f0499c73b99c2c79396
- SHA256
  
  e9068c65d9d42582ea3874bc0a388936dbbe4bc4fc89432db01c0995146c18d2
- SHA512
  
  605f2d78d5edc809ec201fa5f2096955bd8f7c6adf5b0a0241dce10cb4b89aecd65eed352705a71f191aae3f18d2b371b1a595d0f4ef4ba1c0da4893c25e81ea
- SSDEEP
  
  768:2W8+9FisiTZdz4HLCLTRnVuwGiJTPpfl6dW6WsyqAgg8RCW+jl2WDMrL4:2sisiTuLCLTRVuwZp5l/lsyqFg8B+RP
Score

9^/10

discovery
- Contacts a large (11436) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral15 behavioral16
- Target
  
  funnies/malware shit/Ransomware/Grandcrab/grandcab.bin
- Size
  
  484KB
- MD5
  
  97a449fed7d800a8a635592605ff8a67
- SHA1
  
  2f339d8b2edb7c07126d9a3c37effe14966817c5
- SHA256
  
  233437b647f9482a8a3ba51d0af69039bb58fb48609704a39db1f709a0e6aca6
- SHA512
  
  85b4b260b801c54927f7b985d5f9fb891e44e5f72f9dcf9656684f8872339480ded94b4f3ba44d71fa491b88243f99155e3ecc7b3005fb5fbe24b1d10f47e4c3
- SSDEEP
  
  12288:hEm67VkaivvtYku9hoVw7G/znXoABEg6s0u1Tw:dEivv+bGuuznXONq10
Score

10^/10

gandcrab backdoor discovery ransomware
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral17 behavioral18
- Target
  
  funnies/malware shit/mitre-attack/Emotet+Trickbot_comparison.xlsx
- Size
  
  14KB
- MD5
  
  248cd700a82449f4b0d107e6a934ae2b
- SHA1
  
  d1763d827d614ddd6f3ca046ec6d1cf880f4dc25
- SHA256
  
  6ff88255226a7f0de338e8383904a6fd8af5eb630c28ae6846b107de41fa22ef
- SHA512
  
  c5755cc015b3e6aa30ce1c87c05a7712fc7939f57d7d470025a50c8d280ad53d97701f34b85b8f9300652989720915ccac28a22925e73ea48455116f37c31746
- SSDEEP
  
  384:YlbZERmunyjfOOTXC6ACMYMx3pF5dBwDVfJZKTvazDpzQ:OdunyXXC6jzqTKVxZ7zDC
Score

3^/10

discovery
behavioral19 behavioral20