Extracted

Extracted

• • Target

    2024-11-17_7c966e28b1e9c316d98973f73e84bfae_gandcrab_wapomi

  • Size

    90KB

  • MD5

    7c966e28b1e9c316d98973f73e84bfae

  • SHA1

    fc151dea1c149c0334b25edea2963dd046e3576d

  • SHA256

    a4233f691b05afbd6e6433786f53e6fef216cd82b44ab582c806a8f61141ed6e

  • SHA512

    99ee5ffb3c8e97276a93ab4d50712f350bf21e3a1e7a03aab1960c9811f90e0531e7dc17a930764c3e0009ccd26337872db3c54d0b63820b30566b9d35b56577

  • SSDEEP

    1536:b555555555555pmgSeGDjtQhnwmmB0yJMqqU+2bbbAV2/S2mr3IdE8mne0Avu5rS:8MSjOnrmBxMqqDL2/mr3IdE8we0Avu52

  Score

  10^/10

  bdaejecgandcrabaspackv2backdoordiscoverypersistenceransomware

  • Bdaejec

    Bdaejec is a backdoor written in C++.

    backdoorbdaejec

  • Bdaejec family

    bdaejec

  • Detects Bdaejec Backdoor.

    Bdaejec is backdoor written in C++.

  • GandCrab payload

  • Gandcrab

    Gandcrab is a Trojan horse that encrypts files on a computer.

    ransomwarebackdoorgandcrab

  • Gandcrab family

    gandcrab

  • ASPack v2.12-2.42

    Detects executables packed with ASPack v2.12-2.42

    aspackv2

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2