gandcrab | 396c08f3c629eaadb176366fa87627648cdadb94658d46a3cb9e42c83de996a3 | Triage

Sharing

General

Target

396c08f3c629eaadb176366fa87627648cdadb94658d46a3cb9e42c83de996a3
Size

317KB
Sample

210518-84k98ag5ea
MD5

c57464b3337c4e258ecd4672924dbfc7
SHA1

1cb76ceac1fd3e2cf5cc1875ed5a04c7fb761bb7
SHA256

396c08f3c629eaadb176366fa87627648cdadb94658d46a3cb9e42c83de996a3
SHA512

fbcf8aa9ccd865d09367129c64e09d2e2fe772768752c9a75289e48a307df6d3e2977b69c6fba64138c6ddbabe4594206c49105d7a84f2fc50e9041d55ea955b

Score

10^/10

gandcrab backdoor persistence ransomware

Malware Config

Targets

- Target
  
  396c08f3c629eaadb176366fa87627648cdadb94658d46a3cb9e42c83de996a3
- Size
  
  317KB
- MD5
  
  c57464b3337c4e258ecd4672924dbfc7
- SHA1
  
  1cb76ceac1fd3e2cf5cc1875ed5a04c7fb761bb7
- SHA256
  
  396c08f3c629eaadb176366fa87627648cdadb94658d46a3cb9e42c83de996a3
- SHA512
  
  fbcf8aa9ccd865d09367129c64e09d2e2fe772768752c9a75289e48a307df6d3e2977b69c6fba64138c6ddbabe4594206c49105d7a84f2fc50e9041d55ea955b
Score

10^/10

gandcrab backdoor persistence ransomware
- GandCrab Payload
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gandcrabbackdoorpersistenceransomware

behavioral2

gandcrabbackdoorpersistenceransomware