gandcrab | 8108755937af436b2b9e626fc84b8b8f869a210b442ceb170c579be7094fa2f0 | Triage

Sharing

General

Target

8108755937af436b2b9e626fc84b8b8f869a210b442ceb170c579be7094fa2f0
Size

301KB
Sample

210518-j3s2c6dc1j
MD5

d71b2c095a64008c5355a9b592561913
SHA1

e950a5ebaf934bd27b4ea9e2e426eda5b4a90a5f
SHA256

8108755937af436b2b9e626fc84b8b8f869a210b442ceb170c579be7094fa2f0
SHA512

4ffb3b25c15b21be77d0fc05b1a783c97d1ef055a70a78afe3cae9c324dba7af044f977af70cd42e030d78dcdb05fd488ab4ee80c8cb3e4a6b098445e146a5f5

Score

10^/10

gandcrab backdoor persistence ransomware

Malware Config

Targets

- Target
  
  8108755937af436b2b9e626fc84b8b8f869a210b442ceb170c579be7094fa2f0
- Size
  
  301KB
- MD5
  
  d71b2c095a64008c5355a9b592561913
- SHA1
  
  e950a5ebaf934bd27b4ea9e2e426eda5b4a90a5f
- SHA256
  
  8108755937af436b2b9e626fc84b8b8f869a210b442ceb170c579be7094fa2f0
- SHA512
  
  4ffb3b25c15b21be77d0fc05b1a783c97d1ef055a70a78afe3cae9c324dba7af044f977af70cd42e030d78dcdb05fd488ab4ee80c8cb3e4a6b098445e146a5f5
Score

10^/10

gandcrab backdoor persistence ransomware
- GandCrab Payload
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gandcrabbackdoorpersistenceransomware

behavioral2