General

  • Target

    2025-01-16_767d365c003f6fbf71567b1d7193eebb_karagany_mafia

  • Size

    323KB

  • Sample

    250116-bdql4stjf1

  • MD5

    767d365c003f6fbf71567b1d7193eebb

  • SHA1

    93ccfc44fcbf4dc7a180a185a96d8e67f5e85e62

  • SHA256

    15c31480f317a47c4264ddd1ad10cd5ef4726a77e3084879e34795fce864a9af

  • SHA512

    0cafcfaf256972b68cf97e44f7ba1d956ee3ea6778d77c85f6c47407e6b316b7bc9e257596b70e0d91c6ac48498ac30a6f5294198bb243686d9a6509c8b87a02

  • SSDEEP

    6144:eyTS+VPGFG9AQuVFhZKNS3qRQ9SXelDI7tb:eypVPGzFBqi9SXel8x

Targets

    • Target

      2025-01-16_767d365c003f6fbf71567b1d7193eebb_karagany_mafia

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Gandcrab family

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
