Overview

overview

10

Static

static

10

2024-11-17...mi.exe

windows7-x64

10

2024-11-17...mi.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-11-17_3880c95f95e58296e8c593c73bfcf8a2_gandcrab_wapomi

  • Size

    90KB

  • Sample

    241117-f37ddasfjp

  • MD5

    3880c95f95e58296e8c593c73bfcf8a2

  • SHA1

    9e9c03cdce771dc7956ebbb640f9cf2606f66406

  • SHA256

    376d5782f32c65daedbb8221fa4bbe17238a8b25a9848cd8b50777fa3fab7b24

  • SHA512

    8a193f25bc31c9e7d546072b60b8d51faaeb01204b08f17d16cc324adda88c6859a26b7088cc970dd2d32c1240746acdb139d8e760e7cd1ffe8d830a41f3aaea

  • SSDEEP

    1536:q555555555555pmgSeGDjtQhnwmmB0yJMqqU+2bbbAV2/S2mr3IdE8mne0Avu5rS:bMSjOnrmBxMqqDL2/mr3IdE8we0Avu52

Score
10/10
bdaejecgandcrabaspackv2backdoordiscoverypersistenceransomware

Malware Config

Extracted

Family

gandcrab

C2

http://gdcbghvjyqy7jclk.onion.top/

Extracted

Family

bdaejec

C2

ddos.dnsnb8.net

Targets

    • Target

      2024-11-17_3880c95f95e58296e8c593c73bfcf8a2_gandcrab_wapomi

    • Size

      90KB

    • MD5

      3880c95f95e58296e8c593c73bfcf8a2

    • SHA1

      9e9c03cdce771dc7956ebbb640f9cf2606f66406

    • SHA256

      376d5782f32c65daedbb8221fa4bbe17238a8b25a9848cd8b50777fa3fab7b24

    • SHA512

      8a193f25bc31c9e7d546072b60b8d51faaeb01204b08f17d16cc324adda88c6859a26b7088cc970dd2d32c1240746acdb139d8e760e7cd1ffe8d830a41f3aaea

    • SSDEEP

      1536:q555555555555pmgSeGDjtQhnwmmB0yJMqqU+2bbbAV2/S2mr3IdE8mne0Avu5rS:bMSjOnrmBxMqqDL2/mr3IdE8we0Avu52

    Score
    10/10
    bdaejecgandcrabaspackv2backdoordiscoverypersistenceransomware

    • Bdaejec

      Bdaejec is a backdoor written in C++.

      backdoorbdaejec

    • Bdaejec family

      bdaejec

    • Detects Bdaejec Backdoor.

      Bdaejec is backdoor written in C++.

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

      ransomwarebackdoorgandcrab

    • Gandcrab family

      gandcrab

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

      aspackv2

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks