Overview

overview

10

Static

static

GandCrab.bin.exe

windows7_x64

10

GandCrab.bin.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    GandCrab.bin.zip

  • Size

    77KB

  • Sample

    201104-ttlt6dmege

  • MD5

    7299816875c02bcfd082dfa47aa24de2

  • SHA1

    e900466a25927c32a5cc8484940bfeaff528740c

  • SHA256

    7780aa5eb81339559974810e2d826a52c83844f96a5917c150264624b2d139ac

  • SHA512

    cc1054ad7ecbb1505caadcb1d78f52c00462dbd5e7b7faf09a9113480b2c13007888d06e8eaa1a851fa634de1a03a82eee5eec977695719818ffb50aff840a40

Score
10/10
gandcrabbackdoorpersistenceransomwarespyware

Malware Config

Targets

    • Target

      GandCrab.bin

    • Size

      183KB

    • MD5

      07fadb006486953439ce0092651fd7a6

    • SHA1

      e42431d37561cc695de03b85e8e99c9e31321742

    • SHA256

      d77378dcc42b912e514d3bd4466cdda050dda9b57799a6c97f70e8489dd8c8d0

    • SHA512

      5b09a07371bb5350b22c78aa3e7e673ba61ce72a964e072749a4633e2c15f416c05953cc6e6f6c586df010aa7f2c9c0ab87a014e4f732e5fdb2d58778a1fb437

    Score
    10/10
    gandcrabbackdoorpersistenceransomwarespyware

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

      ransomwarebackdoorgandcrab

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Modifies service

      persistence

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks