MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 233437b647f9482a8a3ba51d0af69039bb58fb48609704a39db1f709a0e6aca6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GandCrab


Vendor detections: 4



SHA256 hash: 233437b647f9482a8a3ba51d0af69039bb58fb48609704a39db1f709a0e6aca6
SHA3-384 hash: aaad54a5ece07d6df03e10f745c68dccd710a5f3ca43ad64cd296b49198422964cabdfbd32e6eb67ac677b1c930334ad
SHA1 hash: 2f339d8b2edb7c07126d9a3c37effe14966817c5
MD5 hash: 97a449fed7d800a8a635592605ff8a67
humanhash: florida-helium-ack-north
File name: grandcab.bin
Signature GandCrab
File size: 496'128 bytes
First seen: 2020-06-09 04:44:09 UTC
Last seen: 2020-06-09 06:08:11 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash 72d3be2a4396d0ac38f25e12d06c98ec (1 x GandCrab)
ssdeep 12288:hEm67VkaivvtYku9hoVw7G/znXoABEg6s0u1Tw:dEivv+bGuuznXONq10
Threatray 9 similar samples on MalwareBazaar
TLSH AAB4BE2E7190F460C15F2E30DBA6969185E8ACA13633CFEED7603D347AB11637B685C6
Reporter dipen18

Intelligence


File Origin
# of uploads: 2
# of downloads: 91
Origin country: n/a
Vendor Threat Intelligence
Result
Threat name: Unknown
Detection: malicious
Classification: rans
Score: 76 / 100
Behaviour
Behavior Graph: n/a
Gathering data
Threat name: Win32.Ransomware.GandCrab
Status: Malicious
First seen: 2018-11-08 19:34:34 UTC
File Type: PE (Exe)
Extracted files: 13
AV detection: 42 of 47 (89.36%)
Threat level: 5/5
Result
Malware family: gandcrab
Score: 10/10
Tags: family:gandcrab backdoor ransomware
Behaviour
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Enumerates connected drives
Gandcrab
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GandCrab

Executable exe 233437b647f9482a8a3ba51d0af69039bb58fb48609704a39db1f709a0e6aca6 (this sample)

Delivery method
Distributed via web download
