Overview

overview

10

Static

static

3

2025-01-16...ia.exe

windows7-x64

10

2025-01-16...ia.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-01-16_f95a10ed8b8d5425ef792530de0227f9_mafia

  • Size

    319KB

  • Sample

    250116-bany4strbq

  • MD5

    f95a10ed8b8d5425ef792530de0227f9

  • SHA1

    eee82d10af19030696e18ee80d9b2b5b48dc58cb

  • SHA256

    2923770ba9eaf2c432eb745bbed7a19b1aadd6854086cc1f38df957adeedd0ab

  • SHA512

    b0703b43b092b9c0d3011836dcda4a09044ae308eac49aed1ac04652560d74241fe21ff76f48f22a0c485293ff624f23a32666a16e1b888b98db132b052b03ab

  • SSDEEP

    3072:HLFqoITs8+GgzXKhp6vFcBNTjbL617AL6MfUL1OeV7LGyH0Bme3BdcpFbMT9O:HLFAYz7z6hp2W1L61ALCOk7LhdeROuO

Score
10/10
gandcrabbackdoordiscoverypersistenceransomware

Malware Config

Targets

    • Target

      2025-01-16_f95a10ed8b8d5425ef792530de0227f9_mafia

    • Size

      319KB

    • MD5

      f95a10ed8b8d5425ef792530de0227f9

    • SHA1

      eee82d10af19030696e18ee80d9b2b5b48dc58cb

    • SHA256

      2923770ba9eaf2c432eb745bbed7a19b1aadd6854086cc1f38df957adeedd0ab

    • SHA512

      b0703b43b092b9c0d3011836dcda4a09044ae308eac49aed1ac04652560d74241fe21ff76f48f22a0c485293ff624f23a32666a16e1b888b98db132b052b03ab

    • SSDEEP

      3072:HLFqoITs8+GgzXKhp6vFcBNTjbL617AL6MfUL1OeV7LGyH0Bme3BdcpFbMT9O:HLFAYz7z6hp2W1L61ALCOk7LhdeROuO

    Score
    10/10
    gandcrabbackdoordiscoverypersistenceransomware

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

      ransomwarebackdoorgandcrab

    • Gandcrab family

      gandcrab

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks