gandcrab | 75d26e1c420b64db9867152cc98542f398772e02a8d3d92ddf53c0d00036f4de | Triage

Sharing

General

Target

75d26e1c420b64db9867152cc98542f398772e02a8d3d92ddf53c0d00036f4de
Size

245KB
Sample

210518-ce179jzfle
MD5

e8b3dc12239488776c76a43d2ad25d0d
SHA1

db704caa5a16234932f59a070df2ab88b7fdb48c
SHA256

75d26e1c420b64db9867152cc98542f398772e02a8d3d92ddf53c0d00036f4de
SHA512

e1705c8aa45d5a39209e1987ae87d56da2c596531b01757ef83f7630ab93f75d059852125d8d4c9ab79ffd08f52302ca33c92d0f9c48f809ab7b2e0737037e2f

Score

10^/10

gandcrab backdoor persistence ransomware

Malware Config

Targets

- Target
  
  75d26e1c420b64db9867152cc98542f398772e02a8d3d92ddf53c0d00036f4de
- Size
  
  245KB
- MD5
  
  e8b3dc12239488776c76a43d2ad25d0d
- SHA1
  
  db704caa5a16234932f59a070df2ab88b7fdb48c
- SHA256
  
  75d26e1c420b64db9867152cc98542f398772e02a8d3d92ddf53c0d00036f4de
- SHA512
  
  e1705c8aa45d5a39209e1987ae87d56da2c596531b01757ef83f7630ab93f75d059852125d8d4c9ab79ffd08f52302ca33c92d0f9c48f809ab7b2e0737037e2f
Score

10^/10

gandcrab backdoor persistence ransomware
- GandCrab Payload
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gandcrabbackdoorpersistenceransomware

behavioral2

gandcrabbackdoorpersistenceransomware