General

  • Target

    2024-11-20_f19b85c3212058e319e7cb2b24d2599b_karagany_mafia

  • Size

    310KB

  • Sample

    241120-crl2hssrhq

  • MD5

    f19b85c3212058e319e7cb2b24d2599b

  • SHA1

    dfdd08bee15e5815338f5ed6d2a6ee6c632e6dc5

  • SHA256

    ec87eafb66ec575a70b16549352248c13ffffa2d93a8fe618b43fbe388f4c01e

  • SHA512

    45a26b9b9fc5af8130617c78bce501bed589e90d7518f9bb57e7aa467e5635e6c9355e53cb68ce665016ee8f138da75d0512a63b785dd2819adef77b4b6dbb93

  • SSDEEP

    6144:druoInmmPWPhCqkNZ9+INEQpcsoD5W+fusZR:hImIftNEbd5fu0R

Malware Config

Targets

    • Target

      2024-11-20_f19b85c3212058e319e7cb2b24d2599b_karagany_mafia

    • GandCrab payload

    • Gandcrab

      GandCrab is a ransomware family: it encrypts the victim's files and demands payment for the decryption key.

    • Gandcrab family

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) to a server other than the analysis system's configured DNS resolvers was observed. Malware sometimes bypasses the local resolver by querying a hard-coded one, but some benign software does the same, so confirm the destination before treating it as attacker infrastructure.

    • Adds Run key to start application

      A value was written under a Windows Run registry key (Software\Microsoft\Windows\CurrentVersion\Run), which makes the referenced program start at user logon; this is a common persistence technique.

    • Enumerates connected drives

      The sample attempts to open the root directory of hard drives other than the default C: drive, a step ransomware commonly takes to find additional volumes to encrypt.
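
The three behavioural signatures above (unexpected DNS destination, Run-key persistence, drive enumeration) can be re-implemented as simple rules over a sandbox's event trace. The following is an added example written for this page; it is not the sandbox's own rule code and not taken from the report. It assumes an event list of plain dicts with a `kind` field (`net`, `reg`, `file`) and the field names shown, a configured resolver of `10.0.0.2` for the analysis VM, and a constructed sample trace in which `192.0.2.53` (a documentation-range address) plays the unexpected DNS destination; none of these values come from the report.

```python
"""
Added example (not the sandbox's own rule code): a minimal re-implementation of
three behavioural signatures from this report, run over a constructed event
list shaped like a sandbox's network / registry / file trace.
"""
import re

# Assumption: the analysis VM's configured resolver. A real check reads this
# from the VM's network settings; a fixed private address is used here.
CONFIGURED_DNS = {"10.0.0.2"}

# Key paths that make a program start at logon (HKCU or HKLM; Run and RunOnce).
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)

# A bare drive root such as "D:\" or "D:" (nothing after the drive letter).
DRIVE_ROOT_RE = re.compile(r"^([A-Za-z]):\\?$")


def unexpected_dns(events, configured=CONFIGURED_DNS):
    """'Unexpected DNS network traffic destination': port-53 flows (UDP or TCP)
    to any host that is not a configured resolver. Returns sorted destinations."""
    hits = {
        e["dst"]
        for e in events
        if e["kind"] == "net" and e["dport"] == 53 and e["dst"] not in configured
    }
    return sorted(hits)


def run_key_persistence(events):
    """'Adds Run key to start application': value writes under a Run/RunOnce key.
    Returns (key, value_name, value_data) tuples."""
    return [
        (e["key"], e["name"], e["data"])
        for e in events
        if e["kind"] == "reg" and e["op"] == "SetValue" and RUN_KEY_RE.search(e["key"])
    ]


def enumerates_drives(events):
    """'Enumerates connected drives': opens of a drive root other than C:.
    Returns the sorted drive letters touched."""
    letters = set()
    for e in events:
        if e["kind"] != "file":
            continue
        m = DRIVE_ROOT_RE.match(e["path"])
        if m and m.group(1).upper() != "C":
            letters.add(m.group(1).upper())
    return sorted(letters)


def triage(events):
    """Map signature name -> evidence, listing only the signatures that fired."""
    report = {}
    for name, rule in (
        ("Unexpected DNS network traffic destination", unexpected_dns),
        ("Adds Run key to start application", run_key_persistence),
        ("Enumerates connected drives", enumerates_drives),
    ):
        evidence = rule(events)
        if evidence:
            report[name] = evidence
    return report


# Constructed sample trace (not from the report). 192.0.2.0/24 is a
# documentation range, so the "rogue resolver" below is fictitious.
SAMPLE_EVENTS = [
    {"kind": "net", "proto": "udp", "dst": "10.0.0.2", "dport": 53},     # configured resolver: fine
    {"kind": "net", "proto": "udp", "dst": "192.0.2.53", "dport": 53},   # port 53 to an unexpected host
    {"kind": "net", "proto": "tcp", "dst": "192.0.2.80", "dport": 443},  # not DNS: ignored
    {"kind": "reg", "op": "SetValue",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "name": "svchost", "data": r"C:\Users\Admin\AppData\Local\Temp\sample.exe"},
    {"kind": "reg", "op": "SetValue",
     "key": r"HKCU\Software\Classes\Local Settings", "name": "x", "data": "1"},  # unrelated write
    {"kind": "file", "op": "open", "path": "C:\\"},                      # default drive: not counted
    {"kind": "file", "op": "open", "path": "D:\\"},
    {"kind": "file", "op": "open", "path": "E:\\"},
    {"kind": "file", "op": "open", "path": r"C:\Users\Admin\Desktop\a.docx"},  # not a drive root
]


if __name__ == "__main__":
    for signature, evidence in triage(SAMPLE_EVENTS).items():
        print(f"{signature}: {evidence}")
```

The DNS rule deliberately matches both UDP and TCP on port 53, since the report's wording is about the port rather than the protocol; in practice the configured-resolver set should be taken from the VM rather than hard-coded, and a hit still needs a look at the actual queries before it is treated as command-and-control activity.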

MITRE ATT&CK Enterprise v15
