gandcrab | 72f6405ac36e4c80ad12c9637e60c2d6c7f20cbf56375cd68be3f98810a6b51f | Triage

Sharing

General

Target

72f6405ac36e4c80ad12c9637e60c2d6c7f20cbf56375cd68be3f98810a6b51f
Size

276KB
Sample

210518-8bg7jcqz6x
MD5

f4e2dfa2b688f8a6c65c2d33e1b9ba5a
SHA1

053edcdb0c4932b442b23322e92a7e566dc307dd
SHA256

72f6405ac36e4c80ad12c9637e60c2d6c7f20cbf56375cd68be3f98810a6b51f
SHA512

38f3ee6e4b938681ce505d05b1d7a3cf31f9bca022fca548634a495571b8efddde4545319727b1bfd91f5923952b9cd1d6a4c1938151a3d26ea7ed32a73d6f5a

Score

10^/10

gandcrab backdoor persistence ransomware

Malware Config

Targets

- Target
  
  72f6405ac36e4c80ad12c9637e60c2d6c7f20cbf56375cd68be3f98810a6b51f
- Size
  
  276KB
- MD5
  
  f4e2dfa2b688f8a6c65c2d33e1b9ba5a
- SHA1
  
  053edcdb0c4932b442b23322e92a7e566dc307dd
- SHA256
  
  72f6405ac36e4c80ad12c9637e60c2d6c7f20cbf56375cd68be3f98810a6b51f
- SHA512
  
  38f3ee6e4b938681ce505d05b1d7a3cf31f9bca022fca548634a495571b8efddde4545319727b1bfd91f5923952b9cd1d6a4c1938151a3d26ea7ed32a73d6f5a
Score

10^/10

gandcrab backdoor persistence ransomware
- GandCrab Payload
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gandcrabbackdoorpersistenceransomware

behavioral2

gandcrabbackdoorpersistenceransomware