gandcrab | 2025-01-23_08a6dc55c14ea776291bce908dffd0a8_gandcrab | Triage

Sharing

General

Target

2025-01-23_08a6dc55c14ea776291bce908dffd0a8_gandcrab
Size

83KB
MD5

08a6dc55c14ea776291bce908dffd0a8
SHA1

878ca8fbbe916b4b9ebfb0b201db6b5001cd4cbc
SHA256

5bbd51779903879a1b0f10d176965028897baf76b28ccf72942d7637d35dcc96
SHA512

4aeb2fd51b587811e84e973a8b32c00b664fffe655788dbe5146e19fceb851a49b4837a2d2284f3de599c9ff407482862fa11794820c97fd84506d1f49a72fa4
SSDEEP

1536:t55u555555555pmgSeGDjtQhnwmmB0yDMqqU+2bbbAV2/S2mr3IdE8mne0Avu5r4:FMSjOnrmBrMqqDL2/mr3IdE8we0Avu5c

Score

10^/10

gandcrab

Malware Config

Extracted

Family

gandcrab

C2

http://gdcbghvjyqy7jclk.onion.top/

Signatures

GandCrab payload 1 IoCs

resource	yara_rule
sample	family_gandcrab

Gandcrab family
gandcrab

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2025-01-23_08a6dc55c14ea776291bce908dffd0a8_gandcrab

Files

2025-01-23_08a6dc55c14ea776291bce908dffd0a8_gandcrab
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.
Size: 76KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE