b1002ce2318963d5e17986c41bbfdb4486f6997bb7cd7903789619398a286ad8

Target

Size

250KB

Sample

210518-7tg1y345na

Score

10 ^/10

MD5

4b4333d034009da5ddbfa105e2ddbce7

SHA1

deeeafb18977a43d9d7b7241d8525f73ec7f1430

SHA256

b1002ce2318963d5e17986c41bbfdb4486f6997bb7cd7903789619398a286ad8

SHA512

4a3b37265d8b3269337b76f7f72e7b38923fb315bf45d82bc10bfb040c462ee6b76dc8db93369bc85130946190f0cacc5173c40e4d23a45915a1bb2ca018f281

Target

b1002ce2318963d5e17986c41bbfdb4486f6997bb7cd7903789619398a286ad8

MD5

4b4333d034009da5ddbfa105e2ddbce7

Filesize

250KB

Score

10^/10

SHA1

deeeafb18977a43d9d7b7241d8525f73ec7f1430

SHA256

b1002ce2318963d5e17986c41bbfdb4486f6997bb7cd7903789619398a286ad8

SHA512

4a3b37265d8b3269337b76f7f72e7b38923fb315bf45d82bc10bfb040c462ee6b76dc8db93369bc85130946190f0cacc5173c40e4d23a45915a1bb2ca018f281

Signatures

GandCrab Payload
Gandcrab
Description

Gandcrab is a Trojan horse that encrypts files on a computer.
Tags

ransomware backdoor gandcrab
Adds Run key to start application
Tags

persistence

TTPs

Registry Run Keys / Startup FolderModify Registry
Enumerates connected drives
Description

Attempts to read the root path of hard drives other than the default C: drive.
TTPs

Query RegistryPeripheral Device DiscoverySystem Information Discovery

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

static1

behavioral1

gandcrab backdoor persistence ransomware

10^/10

behavioral2

gandcrab backdoor persistence ransomware

10^/10

Tags

Signatures

GandCrab Payload

Gandcrab

Description

Tags

Adds Run key to start application

Tags

TTPs

Enumerates connected drives

Description

TTPs

Related Tasks

static1

behavioral1

behavioral2