gandcrab | 752e5de93daa2bf8af4166146cb2357b65777173639ae691b7c561fbd5bed2b1 | Triage

Sharing

General

Target

752e5de93daa2bf8af4166146cb2357b65777173639ae691b7c561fbd5bed2b1
Size

266KB
Sample

210518-23t3grx22x
MD5

09b26c0da2362e0e5524f8c5d0672f91
SHA1

1f514b6a5b2af15e7cd884eabe3283c719481713
SHA256

752e5de93daa2bf8af4166146cb2357b65777173639ae691b7c561fbd5bed2b1
SHA512

33d1b2f5689dbd59fbe0971d4bc6459e8a3db60dbdef0214bebb9c17ccbb1240f609c7451c2e74213bd7e16eacb7a126817d4386e1e3728a441c34673a404557

Score

10^/10

gandcrab backdoor persistence ransomware

Malware Config

Targets

- Target
  
  752e5de93daa2bf8af4166146cb2357b65777173639ae691b7c561fbd5bed2b1
- Size
  
  266KB
- MD5
  
  09b26c0da2362e0e5524f8c5d0672f91
- SHA1
  
  1f514b6a5b2af15e7cd884eabe3283c719481713
- SHA256
  
  752e5de93daa2bf8af4166146cb2357b65777173639ae691b7c561fbd5bed2b1
- SHA512
  
  33d1b2f5689dbd59fbe0971d4bc6459e8a3db60dbdef0214bebb9c17ccbb1240f609c7451c2e74213bd7e16eacb7a126817d4386e1e3728a441c34673a404557
Score

10^/10

gandcrab backdoor persistence ransomware
- GandCrab Payload
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gandcrabbackdoorpersistenceransomware

behavioral2