General

  • Target

    SHENZHENIO.zip

  • Size

    388.2MB

  • Sample

    241027-a2yf7azjdt

  • MD5

    5a583bbcbd59db75e8b8c58a8cbf6192

  • SHA1

    436f01bab5a23316e58fb7cf5ceb0019419b03fb

  • SHA256

    0cbae3b1f69b340a077c82cc9fe1ff4d2258a8f53854ff4467d22cf78aa920ae

  • SHA512

    7b5edcfb660fe3b1e0f4fc66935fd5fbc3ad8dd9d7079a236ef9998ea836a6ba6ef418e1526adbcd3a82a931ce202741439cafa152be5e46b95d7aa892ad822f

  • SSDEEP

    12582912:XNThcyVBC9RIizY8fTvbhqUzyBqBPe8oZP7F9:XHV09fz7fRqUaOPe8oZP7F9

Targets

    • Target

      SHENZHENIO.zip

    • Size

      388.2MB

    • MD5

      5a583bbcbd59db75e8b8c58a8cbf6192

    • SHA1

      436f01bab5a23316e58fb7cf5ceb0019419b03fb

    • SHA256

      0cbae3b1f69b340a077c82cc9fe1ff4d2258a8f53854ff4467d22cf78aa920ae

    • SHA512

      7b5edcfb660fe3b1e0f4fc66935fd5fbc3ad8dd9d7079a236ef9998ea836a6ba6ef418e1526adbcd3a82a931ce202741439cafa152be5e46b95d7aa892ad822f

    • SSDEEP

      12582912:XNThcyVBC9RIizY8fTvbhqUzyBqBPe8oZP7F9:XHV09fz7fRqUaOPe8oZP7F9

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Gandcrab family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      setup_shenzhen_io_gog-3_(11.14.2020)_(43141).exe

    • Size

      388.7MB

    • MD5

      00e200c1e21bdad75fb6644606470080

    • SHA1

      c55fabad647a720f1254d360c48252931fb88825

    • SHA256

      e51c01de976c19d1f6b597546b6550e852eab6e02720c44778b214c9324af98c

    • SHA512

      8b4c88bd9c0c714ed6a78188347bb7500d00772c5e605534c16b546b82b5fe636b41b5a7736e36e98e4cf661a8e8d2c32a9ea12b7d0385a53b0bcf43f244baa7

    • SSDEEP

      12582912:orZro437kT1UaUUYsjHPLy+Z8peLdYnVXMRzPvlVj:oD3oTfUds3y+8IdMVXMRb3

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL
