General

  • Target

    2024-11-30_2a57f4525d41d536a6b4931fa447c319_karagany_mafia

  • Size

    222KB

  • Sample

    241130-c68ttsxrgw

  • MD5

    2a57f4525d41d536a6b4931fa447c319

  • SHA1

    c540c8ee891e24bcc0c791e2ad5f75140d79bc6b

  • SHA256

    aae1edd86e0f7e304ee87dcfb354800b44ed102fb4cead31c0174cbf2a71c8f8

  • SHA512

    123d8bdd3407693febb5251f1d8d8f89fe51cf96395e3f7d154637d7c4424cf2b0e84778e650655f478038cfc76a3bc94946f5b0120917cdd869f8b2808c8739

  • SSDEEP

    3072:9BbWxYKFDnqvffIj0nStxBN3cwqvcQr3YTfVEPnYbl3/YrDAEioKhAv/:9BkYKZSYYnS1xecmoT2nYbdEKs/

Targets

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Gandcrab family

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
