gandcrab | 2025-01-23_0b7716bbe1e930e4fea96480a4b21218_gandcrab | Triage

Sharing

General

Target

2025-01-23_0b7716bbe1e930e4fea96480a4b21218_gandcrab
Size

97KB
MD5

0b7716bbe1e930e4fea96480a4b21218
SHA1

b92f564438f9bba532efd8a8d56c2ad2049e15f7
SHA256

304a9572480ff6361060afe7cd04e0615d18997b0ea7fb8d4bcab6bfe91ecec6
SHA512

0766e1e50eb34c3216e08a30ae752df689101315fabfe812d3f22eff661e051011ac6cb71993da6ef857e193e70fd520f05781db0ebd6a00c7dcc6ed95ca2ecc
SSDEEP

1536:YZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAEMqqU+2bbbAV2/S2LNmHkD:WBounVyFHFMqqDL2/LgHkc2

Score

10^/10

upx gandcrab

Malware Config

Signatures

GandCrab payload 1 IoCs

resource	yara_rule
sample	family_gandcrab

Gandcrab family
gandcrab

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2025-01-23_0b7716bbe1e930e4fea96480a4b21218_gandcrab

Files

2025-01-23_0b7716bbe1e930e4fea96480a4b21218_gandcrab
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

_ReflectiveLoader@0

Sections

UPX0
Size: 62KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE