gandcrab | 96bb36fa3d0ede8044b9fb30fa81a8ef250684c6b20e7d8add311795e19991e1 | Triage

Sharing

General

Target

96bb36fa3d0ede8044b9fb30fa81a8ef250684c6b20e7d8add311795e19991e1
Size

253KB
Sample

210518-c7vv6t78ax
MD5

decdffe4b01e23b7fef7a3265a34dd36
SHA1

1bd91c89f15351a59a2d4b9e56ea181a75b90d58
SHA256

96bb36fa3d0ede8044b9fb30fa81a8ef250684c6b20e7d8add311795e19991e1
SHA512

926a7edb539e442e7b3af92b8e988b80588f09968ea618142278b6f3f921b29e65108c7e234c719fec66d5e0a952228974a2d24ea075e91f79e63842177bd480

Score

10^/10

gandcrab backdoor persistence ransomware

Malware Config

Targets

- Target
  
  96bb36fa3d0ede8044b9fb30fa81a8ef250684c6b20e7d8add311795e19991e1
- Size
  
  253KB
- MD5
  
  decdffe4b01e23b7fef7a3265a34dd36
- SHA1
  
  1bd91c89f15351a59a2d4b9e56ea181a75b90d58
- SHA256
  
  96bb36fa3d0ede8044b9fb30fa81a8ef250684c6b20e7d8add311795e19991e1
- SHA512
  
  926a7edb539e442e7b3af92b8e988b80588f09968ea618142278b6f3f921b29e65108c7e234c719fec66d5e0a952228974a2d24ea075e91f79e63842177bd480
Score

10^/10

gandcrab backdoor persistence ransomware
- GandCrab Payload
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gandcrabbackdoorpersistenceransomware

behavioral2

gandcrabbackdoorpersistenceransomware