Overview

overview

10

Static

static

216732f39d...26.exe

windows7_x64

10

216732f39d...26.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    216732f39de23c4387bb5e974abc4020312515cfc12cf546676b8923f9a97526

  • Size

    324KB

  • Sample

    210518-hjesgsdr7n

  • MD5

    cce14acd098f0a34934f7e5f936eab39

  • SHA1

    fe7ddbb0c890016c9cc5b2041c5c68d56a432497

  • SHA256

    216732f39de23c4387bb5e974abc4020312515cfc12cf546676b8923f9a97526

  • SHA512

    8fe01b2977de7db7d982878cf70119b4b4a6d3159377a7e1a49de844ad8ca3ccfab0bdb0812cbde8c4a516787813abb4f70a03abfd0332579bde5cf43ffda3f6

Score
10/10
gandcrabbackdoorpersistenceransomware

Malware Config

Targets

    • Target

      216732f39de23c4387bb5e974abc4020312515cfc12cf546676b8923f9a97526

    • Size

      324KB

    • MD5

      cce14acd098f0a34934f7e5f936eab39

    • SHA1

      fe7ddbb0c890016c9cc5b2041c5c68d56a432497

    • SHA256

      216732f39de23c4387bb5e974abc4020312515cfc12cf546676b8923f9a97526

    • SHA512

      8fe01b2977de7db7d982878cf70119b4b4a6d3159377a7e1a49de844ad8ca3ccfab0bdb0812cbde8c4a516787813abb4f70a03abfd0332579bde5cf43ffda3f6

    Score
    10/10
    gandcrabbackdoorpersistenceransomware

    • GandCrab Payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

      ransomwarebackdoorgandcrab

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks