19a20164cbd7f6c532d7a6a3886cf0b60ecad0dba6d2d2fe60123c9f6ad2c89c

Target

Size

181KB

Sample

210518-n2e9c8ter2

Score

10 ^/10

MD5

4a12911191d436aa3a2e7760d3ad61a3

SHA1

6ae081144769492edb4dc82a6c3aeeb7bd71583b

SHA256

19a20164cbd7f6c532d7a6a3886cf0b60ecad0dba6d2d2fe60123c9f6ad2c89c

SHA512

c5a6cbd11fc23dfa9bdf4b321e5a840f0c9d681d4935e20d71ad30ddfbdab9124fe42071a0d59ee276286281c1f95bdd5f5f56764a74e597ffa005c1a0cb81c9

Target

19a20164cbd7f6c532d7a6a3886cf0b60ecad0dba6d2d2fe60123c9f6ad2c89c

MD5

4a12911191d436aa3a2e7760d3ad61a3

Filesize

181KB

Score

10^/10

SHA1

6ae081144769492edb4dc82a6c3aeeb7bd71583b

SHA256

19a20164cbd7f6c532d7a6a3886cf0b60ecad0dba6d2d2fe60123c9f6ad2c89c

SHA512

c5a6cbd11fc23dfa9bdf4b321e5a840f0c9d681d4935e20d71ad30ddfbdab9124fe42071a0d59ee276286281c1f95bdd5f5f56764a74e597ffa005c1a0cb81c9

Signatures

GandCrab Payload
Gandcrab
Description

Gandcrab is a Trojan horse that encrypts files on a computer.
Tags

ransomware backdoor gandcrab
Adds Run key to start application
Tags

persistence

TTPs

Registry Run Keys / Startup FolderModify Registry
Enumerates connected drives
Description

Attempts to read the root path of hard drives other than the default C: drive.
TTPs

Query RegistryPeripheral Device DiscoverySystem Information Discovery

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

static1

behavioral1

gandcrab backdoor persistence ransomware

10^/10

behavioral2

gandcrab backdoor persistence ransomware

10^/10

Tags

Signatures

GandCrab Payload

Gandcrab

Description

Tags

Adds Run key to start application

Tags

TTPs

Enumerates connected drives

Description

TTPs

Related Tasks

static1

behavioral1

behavioral2