gandcrab | 6be34c06ba421a032634c564a1bf298406d7027adf684ec142c5039b6f46d224 | Triage

Sharing

General

Target

6be34c06ba421a032634c564a1bf298406d7027adf684ec142c5039b6f46d224
Size

324KB
Sample

210518-ly77tkh4aj
MD5

2624f1c1450fc6ce76d5df34b3f0bb00
SHA1

d2fa9a1ce877ddc047a9af473594ea0c6302c380
SHA256

6be34c06ba421a032634c564a1bf298406d7027adf684ec142c5039b6f46d224
SHA512

32eac2ddee95d6a2f100b5018f52f8fab6dc47c9e350660f3b2c8a629c7887ea1d66532c5fba9d4564ffbd76ba293cac663092dc70bd931db5c4a539d659fa0b

Score

10^/10

gandcrab backdoor persistence ransomware

Malware Config

Targets

- Target
  
  6be34c06ba421a032634c564a1bf298406d7027adf684ec142c5039b6f46d224
- Size
  
  324KB
- MD5
  
  2624f1c1450fc6ce76d5df34b3f0bb00
- SHA1
  
  d2fa9a1ce877ddc047a9af473594ea0c6302c380
- SHA256
  
  6be34c06ba421a032634c564a1bf298406d7027adf684ec142c5039b6f46d224
- SHA512
  
  32eac2ddee95d6a2f100b5018f52f8fab6dc47c9e350660f3b2c8a629c7887ea1d66532c5fba9d4564ffbd76ba293cac663092dc70bd931db5c4a539d659fa0b
Score

10^/10

gandcrab backdoor persistence ransomware
- GandCrab Payload
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gandcrabbackdoorpersistenceransomware

behavioral2