gandcrab | 2ec60a63415d207336b6b21289413d526d91849fa97a7a43c3ae55fac8d9e1a3 | Triage

Sharing

General

Target

2ec60a63415d207336b6b21289413d526d91849fa97a7a43c3ae55fac8d9e1a3
Size

207KB
Sample

210518-e8k77113c6
MD5

077ac431a2740011034d7ae702100e55
SHA1

ca7e1bfec35d63ae0d752af4fc9055d2a5fe7c41
SHA256

2ec60a63415d207336b6b21289413d526d91849fa97a7a43c3ae55fac8d9e1a3
SHA512

6a1404b84d7d14e9d9f441a3062c7f7d73d6385ad39519666dacd670f0e205b8fc60ea189fb1c3270bd450173f170c8e45b42154fbafd609c530fe439e4fb4fd

Score

10^/10

gandcrab backdoor persistence ransomware

Malware Config

Targets

- Target
  
  2ec60a63415d207336b6b21289413d526d91849fa97a7a43c3ae55fac8d9e1a3
- Size
  
  207KB
- MD5
  
  077ac431a2740011034d7ae702100e55
- SHA1
  
  ca7e1bfec35d63ae0d752af4fc9055d2a5fe7c41
- SHA256
  
  2ec60a63415d207336b6b21289413d526d91849fa97a7a43c3ae55fac8d9e1a3
- SHA512
  
  6a1404b84d7d14e9d9f441a3062c7f7d73d6385ad39519666dacd670f0e205b8fc60ea189fb1c3270bd450173f170c8e45b42154fbafd609c530fe439e4fb4fd
Score

10^/10

gandcrab backdoor persistence ransomware
- GandCrab Payload
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gandcrabbackdoorpersistenceransomware

behavioral2

gandcrabbackdoorpersistenceransomware