gandcrab | 8a2a3fb2e28d34f79ea7cada58f6f591ac3a0dfa6d3aa38f01f89dfad3d4f36c | Triage

Sharing

General

Target

8a2a3fb2e28d34f79ea7cada58f6f591ac3a0dfa6d3aa38f01f89dfad3d4f36c
Size

250KB
Sample

210518-ets4p8nzwa
MD5

44a3d969549583b944897e62f109b4b0
SHA1

b74aed7bbb6013ded048242bd94714469fe02457
SHA256

8a2a3fb2e28d34f79ea7cada58f6f591ac3a0dfa6d3aa38f01f89dfad3d4f36c
SHA512

08092f7b4cd8026172583b57e2569ea787833d6998e4935ca336ff8f728e9b5e9a33f3261f3465f1bf037c0dec4ded2b98809a28b359a950a4410bd49c873b32

Score

10^/10

gandcrab backdoor persistence ransomware

Malware Config

Targets

- Target
  
  8a2a3fb2e28d34f79ea7cada58f6f591ac3a0dfa6d3aa38f01f89dfad3d4f36c
- Size
  
  250KB
- MD5
  
  44a3d969549583b944897e62f109b4b0
- SHA1
  
  b74aed7bbb6013ded048242bd94714469fe02457
- SHA256
  
  8a2a3fb2e28d34f79ea7cada58f6f591ac3a0dfa6d3aa38f01f89dfad3d4f36c
- SHA512
  
  08092f7b4cd8026172583b57e2569ea787833d6998e4935ca336ff8f728e9b5e9a33f3261f3465f1bf037c0dec4ded2b98809a28b359a950a4410bd49c873b32
Score

10^/10

gandcrab backdoor persistence ransomware
- GandCrab Payload
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gandcrabbackdoorpersistenceransomware

behavioral2