gandcrab | 162d3551fd01a41c40b1be1b283e484b11c833a03b4219cd44e81606b6359590 | Triage

Sharing

General

Target

162d3551fd01a41c40b1be1b283e484b11c833a03b4219cd44e81606b6359590
Size

320KB
Sample

210518-hkrs45edmn
MD5

c2b7c5b62f7824b0700d6326a6e241aa
SHA1

8cf2c6c23362f57d4663d1a29d3adb358e151107
SHA256

162d3551fd01a41c40b1be1b283e484b11c833a03b4219cd44e81606b6359590
SHA512

09f97541deff8d59e76dee981090b4d6b59d0ee050313c448dcd98e3dd5f662627c66c44bc38941e6911c78958ebde31f9efd9a74fbc8b8d390093419dc2eb60

Score

10^/10

gandcrab backdoor persistence ransomware

Malware Config

Targets

- Target
  
  162d3551fd01a41c40b1be1b283e484b11c833a03b4219cd44e81606b6359590
- Size
  
  320KB
- MD5
  
  c2b7c5b62f7824b0700d6326a6e241aa
- SHA1
  
  8cf2c6c23362f57d4663d1a29d3adb358e151107
- SHA256
  
  162d3551fd01a41c40b1be1b283e484b11c833a03b4219cd44e81606b6359590
- SHA512
  
  09f97541deff8d59e76dee981090b4d6b59d0ee050313c448dcd98e3dd5f662627c66c44bc38941e6911c78958ebde31f9efd9a74fbc8b8d390093419dc2eb60
Score

10^/10

gandcrab backdoor persistence ransomware
- GandCrab Payload
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

gandcrabbackdoorpersistenceransomware