General
-
Target
9932e5949fdc062b3c12769a6e5236e4f5caa40f0c966b879f5a306f0670ee52
-
Size
109KB
-
Sample
240621-bqwnwsvblb
-
MD5
d3537fec0b0ca4e6ae6f91b85b15c1d5
-
SHA1
ade90a54d16ccca3c8d2c4c25a2ede4786c7c368
-
SHA256
9932e5949fdc062b3c12769a6e5236e4f5caa40f0c966b879f5a306f0670ee52
-
SHA512
1298d94ca3c2671d43fdfcae62aa0886f43a3c9908ec0dc2ab64989f9f66aeab93b33d06060c2619081c676afd4f6980c70322a5a93cb1f9dea396e0b9fb5126
-
SSDEEP
3072:HMSjOnrmBIMqqDL2/mr3IdE8we0Avu5r++ygLIaaypQ8CrS6C:HXjOnr6jqqDL6aprYS6C
Behavioral task
behavioral1
Sample
9932e5949fdc062b3c12769a6e5236e4f5caa40f0c966b879f5a306f0670ee52.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
9932e5949fdc062b3c12769a6e5236e4f5caa40f0c966b879f5a306f0670ee52.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
gandcrab
http://gdcbghvjyqy7jclk.onion.top/
Targets
-
-
Target
9932e5949fdc062b3c12769a6e5236e4f5caa40f0c966b879f5a306f0670ee52
-
Size
109KB
-
MD5
d3537fec0b0ca4e6ae6f91b85b15c1d5
-
SHA1
ade90a54d16ccca3c8d2c4c25a2ede4786c7c368
-
SHA256
9932e5949fdc062b3c12769a6e5236e4f5caa40f0c966b879f5a306f0670ee52
-
SHA512
1298d94ca3c2671d43fdfcae62aa0886f43a3c9908ec0dc2ab64989f9f66aeab93b33d06060c2619081c676afd4f6980c70322a5a93cb1f9dea396e0b9fb5126
-
SSDEEP
3072:HMSjOnrmBIMqqDL2/mr3IdE8we0Avu5r++ygLIaaypQ8CrS6C:HXjOnr6jqqDL6aprYS6C
Score10/10-
GandCrab payload
-
Detects ransomware indicator
-
Gandcrab Payload
-
UPX dump on OEP (original entry point)
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-