b1002ce2318963d5e17986c41bbfdb4486f6997bb7cd7903789619398a286ad8

General
Target

b1002ce2318963d5e17986c41bbfdb4486f6997bb7cd7903789619398a286ad8

Size

250KB

Sample

210518-7tg1y345na

Score
10/10
MD5

4b4333d034009da5ddbfa105e2ddbce7

SHA1

deeeafb18977a43d9d7b7241d8525f73ec7f1430

SHA256

b1002ce2318963d5e17986c41bbfdb4486f6997bb7cd7903789619398a286ad8

SHA512

4a3b37265d8b3269337b76f7f72e7b38923fb315bf45d82bc10bfb040c462ee6b76dc8db93369bc85130946190f0cacc5173c40e4d23a45915a1bb2ca018f281

Malware Config
Signatures

  • GandCrab Payload

  • Gandcrab

    Description

    Gandcrab is a Trojan horse that encrypts files on a computer.

  • Adds Run key to start application

    TTPs

    Registry Run Keys / Startup Folder, Modify Registry

  • Enumerates connected drives

    Description

    Attempts to read the root path of hard drives other than the default C: drive.

    TTPs

    Query Registry, Peripheral Device Discovery, System Information Discovery

Related Tasks

MITRE ATT&CK Matrix
Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation

Tasks