gandcrab | fec01ecfbc95ba154b19c1e9bb93edaa4bbed6628380b6670afe130e4b05c58b | Triage

Sharing

General

Target

tracking_number.pdf.(1).exe
Size

217KB
Sample

210507-hj1gwxn3z6
MD5

f96e0e56a1eb44f7ae71c40fada29158
SHA1

ce1faf829687bf34510def8e1abf8094c9287575
SHA256

fec01ecfbc95ba154b19c1e9bb93edaa4bbed6628380b6670afe130e4b05c58b
SHA512

1786afdd4f325e8086cdcbd76092741d0561c9dc00dd973b289a08977a5008e07f2145ba8f48c62c3024a1dbc9dd427eb4a925d3b39b3dcf16eaac61abf98187

Score

10^/10

gandcrab backdoor persistence ransomware

Malware Config

Targets

- Target
  
  tracking_number.pdf.(1).exe
- Size
  
  217KB
- MD5
  
  f96e0e56a1eb44f7ae71c40fada29158
- SHA1
  
  ce1faf829687bf34510def8e1abf8094c9287575
- SHA256
  
  fec01ecfbc95ba154b19c1e9bb93edaa4bbed6628380b6670afe130e4b05c58b
- SHA512
  
  1786afdd4f325e8086cdcbd76092741d0561c9dc00dd973b289a08977a5008e07f2145ba8f48c62c3024a1dbc9dd427eb4a925d3b39b3dcf16eaac61abf98187
Score

10^/10

gandcrab backdoor persistence ransomware
- GandCrab Payload
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gandcrabbackdoorpersistenceransomware

behavioral2