19a20164cbd7f6c532d7a6a3886cf0b60ecad0dba6d2d2fe60123c9f6ad2c89c

General
Target

19a20164cbd7f6c532d7a6a3886cf0b60ecad0dba6d2d2fe60123c9f6ad2c89c

Size

181KB

Sample

210518-n2e9c8ter2

Score

10/10

MD5

4a12911191d436aa3a2e7760d3ad61a3

SHA1

6ae081144769492edb4dc82a6c3aeeb7bd71583b

SHA256

19a20164cbd7f6c532d7a6a3886cf0b60ecad0dba6d2d2fe60123c9f6ad2c89c

SHA512

c5a6cbd11fc23dfa9bdf4b321e5a840f0c9d681d4935e20d71ad30ddfbdab9124fe42071a0d59ee276286281c1f95bdd5f5f56764a74e597ffa005c1a0cb81c9

Signatures

  • GandCrab Payload

  • Gandcrab

    Description

    Gandcrab is a Trojan horse that encrypts files on a computer.

  • Adds Run key to start application

    TTPs

    Registry Run Keys / Startup Folder, Modify Registry

  • Enumerates connected drives

    Description

    Attempts to read the root path of hard drives other than the default C: drive.

    TTPs

    Query Registry, Peripheral Device Discovery, System Information Discovery
