Overview

overview

10

Static

static

fdc88181e8...a2.exe

windows7_x64

10

fdc88181e8...a2.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fdc88181e8a29e2bbffa270a299d93929c92bf0b8a60dd6019f900d03f8584a2

  • Size

    171KB

  • Sample

    210518-c3bcsp5pre

  • MD5

    94eeb368a6bedc0fc4fc6fca0a0301ad

  • SHA1

    4d7ee3c2115bdcaddd372da5ccef8d9286b1b2fb

  • SHA256

    fdc88181e8a29e2bbffa270a299d93929c92bf0b8a60dd6019f900d03f8584a2

  • SHA512

    299122e63d02c809249857b57f7fedded4fe8e031cf6dc680faaad06a3265843b566842eec1f68af28ea787d2e0c36b2b31228d9493fd744e6354e8e2871fd82

Score
10/10
gandcrabbackdoorpersistenceransomware

Malware Config

Targets

    • Target

      fdc88181e8a29e2bbffa270a299d93929c92bf0b8a60dd6019f900d03f8584a2

    • Size

      171KB

    • MD5

      94eeb368a6bedc0fc4fc6fca0a0301ad

    • SHA1

      4d7ee3c2115bdcaddd372da5ccef8d9286b1b2fb

    • SHA256

      fdc88181e8a29e2bbffa270a299d93929c92bf0b8a60dd6019f900d03f8584a2

    • SHA512

      299122e63d02c809249857b57f7fedded4fe8e031cf6dc680faaad06a3265843b566842eec1f68af28ea787d2e0c36b2b31228d9493fd744e6354e8e2871fd82

    Score
    10/10
    gandcrabbackdoorpersistenceransomware

    • GandCrab Payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

      ransomwarebackdoorgandcrab

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks