gandcrab | 191977de9bfc6c6ba6ae38840068620667a675c0ed6d06ce7be38459eec18b0d | Triage

Sharing

General

Target

191977de9bfc6c6ba6ae38840068620667a675c0ed6d06ce7be38459eec18b0d
Size

276KB
Sample

210518-ag6c3ezmts
MD5

0b8a9e350842b11a7b1613d118ac5c8f
SHA1

27c2d792700e749155dce5db42169f24d63f5eb5
SHA256

191977de9bfc6c6ba6ae38840068620667a675c0ed6d06ce7be38459eec18b0d
SHA512

c8a1a23dcdd2739afd9dcab38ee0d2662bd8593e344572c11046630efe502a7ce5573736a392ba6be43ceba65691853193d4d6e1a78b33fe0550d9918a8ad926

Score

10^/10

gandcrab backdoor persistence ransomware

Malware Config

Targets

- Target
  
  191977de9bfc6c6ba6ae38840068620667a675c0ed6d06ce7be38459eec18b0d
- Size
  
  276KB
- MD5
  
  0b8a9e350842b11a7b1613d118ac5c8f
- SHA1
  
  27c2d792700e749155dce5db42169f24d63f5eb5
- SHA256
  
  191977de9bfc6c6ba6ae38840068620667a675c0ed6d06ce7be38459eec18b0d
- SHA512
  
  c8a1a23dcdd2739afd9dcab38ee0d2662bd8593e344572c11046630efe502a7ce5573736a392ba6be43ceba65691853193d4d6e1a78b33fe0550d9918a8ad926
Score

10^/10

gandcrab backdoor persistence ransomware
- GandCrab Payload
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gandcrabbackdoorpersistenceransomware

behavioral2

gandcrabbackdoorpersistenceransomware