Extracted

Extracted

• • Target

    2024-11-18_1460fcc4862225f83fb9b0b6c1a8a379_gandcrab_wapomi

  • Size

    90KB

  • MD5

    1460fcc4862225f83fb9b0b6c1a8a379

  • SHA1

    1300657e5bc2ba5935e16db8fb7d38e9872378c7

  • SHA256

    46eb4ffb64dd562b3292a776df28acdaf2d8dd2baf42833716477a15687bcd8f

  • SHA512

    1aa4f9d35005a8a5003bf684d084cfd51642d22daefd6eacc5637cdceb2609e226b0b1622a217d87fb3f7b15d4ff11832d5d20acec5087d0c5e898402ee33d85

  • SSDEEP

    1536:F555555555555pmgSeGDjtQhnwmmB0yJMqqU+2bbbAV2/S2mr3IdE8mne0Avu5rS:CMSjOnrmBxMqqDL2/mr3IdE8we0Avu52

  Score

  10^/10

  bdaejecgandcrabaspackv2backdoordiscoverypersistenceransomware

  • Bdaejec

    Bdaejec is a backdoor written in C++.

    backdoorbdaejec

  • Bdaejec family

    bdaejec

  • Detects Bdaejec Backdoor.

    Bdaejec is backdoor written in C++.

  • GandCrab payload

  • Gandcrab

    Gandcrab is a Trojan horse that encrypts files on a computer.

    ransomwarebackdoorgandcrab

  • Gandcrab family

    gandcrab

  • ASPack v2.12-2.42

    Detects executables packed with ASPack v2.12-2.42

    aspackv2

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2