General

  • Target

    035e9c14bcd35ae35d8c33124504538cde125ff055fce62c0286d6292a3e7f82

  • Size

    241KB

  • Sample

    210518-1wzydyb7g6

  • MD5

    625f35558bdbe0f99bbaaae94d34732a

  • SHA1

    a04316dceebf4de5d6716b2ce5be5c1c29f2d422

  • SHA256

    035e9c14bcd35ae35d8c33124504538cde125ff055fce62c0286d6292a3e7f82

  • SHA512

    e4a342db8d60a30285d4fe82a6675f66db60ad2d8571b86c02de63ba21067cbfafc709cf23283dc4eb686e0bbf9d5f016110ac0a2e3811a26eb181aa1a9477d9

Malware Config

Targets

    • Target

      035e9c14bcd35ae35d8c33124504538cde125ff055fce62c0286d6292a3e7f82


    • GandCrab Payload

    • Gandcrab

      GandCrab is a ransomware family: it encrypts the victim's files and demands a ransom for the decryption key. "Trojan" here describes only the delivery; the damaging behaviour is file encryption.

    • Adds Run key to start application

      Persistence through a Windows Run key (under ...\Microsoft\Windows\CurrentVersion\Run), so the payload is relaunched at logon. The key path and value name are not shown in this report.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive, consistent with ransomware locating further volumes to encrypt.
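The two behaviours above are the ones a detection engineer would want to hunt for on a live host. The block below is an added example, not Triage's signature code or anything from the sample: it flags Run-key writes in Sysmon Event ID 13 (RegistryEvent, value set) records and root-path probes of non-C: drives in file-access records, then tallies hits under the ATT&CK IDs this report uses. Sysmon does not log directory root reads itself, so the "FileAccess" record type and its "Path" field are assumed to come from an EDR; the event records are constructed for the example.

```python
"""Added example: detect Run-key persistence and non-C: drive enumeration
in Sysmon-style telemetry and map hits to ATT&CK IDs.

Not Triage's signature logic. The SAMPLE_EVENTS below are constructed;
the "FileAccess"/"Path" record shape is an assumption (EDR-style), since
Sysmon has no event for reading a directory root.
"""
import re
from collections import defaultdict

# Any value written directly under a Run or RunOnce key (HKCU, HKLM, HKU
# and the Wow6432Node view all contain this substring).
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.I)

# Root of a fixed drive other than C:, e.g. "D:\" or "E:\".
NON_C_ROOT_RE = re.compile(r"^[A-BD-Z]:\\?$", re.I)

# IDs as printed in this ATT&CK v6 report, plus the current equivalent:
# T1060 was retired in v7 and lives on as T1547.001.
ATTACK_IDS = {
    "run_key_persistence": {"v6": "T1060", "current": "T1547.001"},
    "drive_enumeration": {"v6": "T1120", "current": "T1120"},
}


def detect_run_key_writes(events):
    """Sysmon EID 13 records whose TargetObject sits under a Run/RunOnce key."""
    hits = []
    for ev in events:
        if ev.get("EventID") == 13 and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            hits.append({
                "technique": "run_key_persistence",
                "attack_id": ATTACK_IDS["run_key_persistence"],
                "pid": ev["ProcessId"],
                "image": ev["Image"],
                "target": ev["TargetObject"],
                "value": ev.get("Details", ""),
            })
    return hits


def detect_drive_enumeration(events, min_drives=1):
    """Processes that touch the root of at least min_drives non-C: drives."""
    roots = defaultdict(set)
    images = {}
    for ev in events:
        if ev.get("EventType") != "FileAccess":  # assumed EDR record type
            continue
        path = ev.get("Path", "")
        if NON_C_ROOT_RE.match(path):
            roots[ev["ProcessId"]].add(path.upper())
            images[ev["ProcessId"]] = ev["Image"]
    return [
        {"technique": "drive_enumeration",
         "attack_id": ATTACK_IDS["drive_enumeration"],
         "pid": pid, "image": images[pid], "drives": sorted(drives)}
        for pid, drives in roots.items() if len(drives) >= min_drives
    ]


def analyse(events):
    """Return (findings, {attack_v6_id: hit count}) like the report's matrix."""
    findings = detect_run_key_writes(events) + detect_drive_enumeration(events)
    summary = defaultdict(int)
    for f in findings:
        summary[f["attack_id"]["v6"]] += 1
    return findings, dict(summary)


SAMPLE_EXE = "C:\\Users\\user\\AppData\\Local\\Temp\\sample.exe"  # constructed path
EXPLORER = "C:\\Windows\\explorer.exe"

SAMPLE_EVENTS = [  # constructed telemetry, not from the sandbox run
    {"EventID": 13, "ProcessId": 2144, "Image": SAMPLE_EXE,
     "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\sample",
     "Details": SAMPLE_EXE},
    {"EventID": 13, "ProcessId": 900, "Image": EXPLORER,  # benign registry write
     "TargetObject": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\Desktop",
     "Details": "C:\\Users\\user\\Desktop"},
    {"EventType": "FileAccess", "ProcessId": 2144, "Image": SAMPLE_EXE, "Path": "D:\\"},
    {"EventType": "FileAccess", "ProcessId": 2144, "Image": SAMPLE_EXE, "Path": "E:\\"},
    {"EventType": "FileAccess", "ProcessId": 2144, "Image": SAMPLE_EXE, "Path": "C:\\"},
    {"EventType": "FileAccess", "ProcessId": 900, "Image": EXPLORER, "Path": "C:\\Users\\user"},
]

if __name__ == "__main__":
    for finding in analyse(SAMPLE_EVENTS)[0]:
        print(finding)
    print(analyse(SAMPLE_EVENTS)[1])
```

Run as-is it reports one Run-key write and one drive-enumerating process (both PID 2144) and the summary {"T1060": 1, "T1120": 1}; explorer.exe's registry write and its C: access are ignored. On real telemetry raise min_drives and exclude known backup or indexing binaries, since a single D: root read is too common to alert on alone.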

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic: technique (ATT&CK v6 ID), number of hits reported by the sandbox

  • Persistence: Registry Run Keys / Startup Folder (T1060), 1

  • Defense Evasion: Modify Registry (T1112), 1

  • Discovery: Query Registry (T1012), 3

  • Discovery: Peripheral Device Discovery (T1120), 2

  • Discovery: System Information Discovery (T1082), 3

T1060 was retired in ATT&CK v7; current matrices map the same behaviour to T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder). The other four IDs are unchanged.
