gandcrab | 1b23be114479095a4a8adf0ab356fe19ed7db86ce897e94e016cce380a5d0189 | Triage

Sharing

General

Target

1b23be114479095a4a8adf0ab356fe19ed7db86ce897e94e016cce380a5d0189
Size

324KB
Sample

210518-j5zvqbens6
MD5

d4d4a30131f3c467bb8cd928944f1efa
SHA1

2a84bdf794f07fdcce3819ab6f27cc51f4b81b21
SHA256

1b23be114479095a4a8adf0ab356fe19ed7db86ce897e94e016cce380a5d0189
SHA512

7ae3ade157fc25f96bf176ec5965f41c2ccd5ddbc4a27419a6167e181563b136d70576260f7093ce545c4d20231b9603027435e93d683f21bcf9222dfa33cc2d

Score

10^/10

gandcrab backdoor persistence ransomware

Malware Config

Targets

- Target
  
  1b23be114479095a4a8adf0ab356fe19ed7db86ce897e94e016cce380a5d0189
- Size
  
  324KB
- MD5
  
  d4d4a30131f3c467bb8cd928944f1efa
- SHA1
  
  2a84bdf794f07fdcce3819ab6f27cc51f4b81b21
- SHA256
  
  1b23be114479095a4a8adf0ab356fe19ed7db86ce897e94e016cce380a5d0189
- SHA512
  
  7ae3ade157fc25f96bf176ec5965f41c2ccd5ddbc4a27419a6167e181563b136d70576260f7093ce545c4d20231b9603027435e93d683f21bcf9222dfa33cc2d
Score

10^/10

gandcrab backdoor persistence ransomware
- GandCrab Payload
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gandcrabbackdoorpersistenceransomware

behavioral2

gandcrabbackdoorpersistenceransomware