gandcrab | 7780aa5eb81339559974810e2d826a52c83844f96a5917c150264624b2d139ac | Triage

Submit
Reports

Overview

overview

Static

static

GandCrab.bin.exe

windows7_x64

GandCrab.bin.exe

windows10_x64

Sharing

General

Target

GandCrab.bin.zip
Size

77KB
Sample

201104-ttlt6dmege
MD5

7299816875c02bcfd082dfa47aa24de2
SHA1

e900466a25927c32a5cc8484940bfeaff528740c
SHA256

7780aa5eb81339559974810e2d826a52c83844f96a5917c150264624b2d139ac
SHA512

cc1054ad7ecbb1505caadcb1d78f52c00462dbd5e7b7faf09a9113480b2c13007888d06e8eaa1a851fa634de1a03a82eee5eec977695719818ffb50aff840a40

Score

10^/10

gandcrab backdoor persistence ransomware spyware

Static task

static1

Behavioral task

behavioral1

Sample

GandCrab.bin.exe

Resource

win7v20201028

gandcrab backdoor persistence ransomware spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

GandCrab.bin.exe

Resource

win10v20201028

gandcrab backdoor persistence ransomware spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  GandCrab.bin
- Size
  
  183KB
- MD5
  
  07fadb006486953439ce0092651fd7a6
- SHA1
  
  e42431d37561cc695de03b85e8e99c9e31321742
- SHA256
  
  d77378dcc42b912e514d3bd4466cdda050dda9b57799a6c97f70e8489dd8c8d0
- SHA512
  
  5b09a07371bb5350b22c78aa3e7e673ba61ce72a964e072749a4633e2c15f416c05953cc6e6f6c586df010aa7f2c9c0ab87a014e4f732e5fdb2d58778a1fb437
Score

10^/10

gandcrab backdoor persistence ransomware spyware
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies service
  persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Install Root Certificate

Credential Access

Credentials in Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Defacement

Tasks

static1

behavioral1

gandcrabbackdoorpersistenceransomwarespyware

behavioral2

gandcrabbackdoorpersistenceransomwarespyware

© 2018-2024

Terms | Privacy