035e9c14bcd35ae35d8c33124504538cde125ff055fce62c0286d6292a3e7f82

General
Target

035e9c14bcd35ae35d8c33124504538cde125ff055fce62c0286d6292a3e7f82

Size

241KB

Sample

210518-1wzydyb7g6

Score
10/10
MD5

625f35558bdbe0f99bbaaae94d34732a

SHA1

a04316dceebf4de5d6716b2ce5be5c1c29f2d422

SHA256

035e9c14bcd35ae35d8c33124504538cde125ff055fce62c0286d6292a3e7f82

SHA512

e4a342db8d60a30285d4fe82a6675f66db60ad2d8571b86c02de63ba21067cbfafc709cf23283dc4eb686e0bbf9d5f016110ac0a2e3811a26eb181aa1a9477d9

Malware Config
Targets
Target

035e9c14bcd35ae35d8c33124504538cde125ff055fce62c0286d6292a3e7f82

Tags

Signatures

  • GandCrab Payload

  • Gandcrab

    Description

    Gandcrab is a Trojan horse that encrypts files on a computer.

    Tags

  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup Folder, Modify Registry

  • Enumerates connected drives

    Description

    Attempts to read the root path of hard drives other than the default C: drive.

    TTPs

    Query Registry, Peripheral Device Discovery, System Information Discovery

Related Tasks

MITRE ATT&CK Matrix
Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation

Tasks

static1

behavioral2

6/10