gandcrab | b7680a5071367e5e4f8412bc5cdc3cb82eaa0aaa03b4b08f0908069ed86de4ea | Triage

Sharing

General

Target

b7680a5071367e5e4f8412bc5cdc3cb82eaa0aaa03b4b08f0908069ed86de4ea
Size

266KB
Sample

210518-ngjzndnjas
MD5

8d7f8e4240f451ad0d96b255f4c9dfb6
SHA1

8529fe7c200ce765610b748a966ed204c7ae879e
SHA256

b7680a5071367e5e4f8412bc5cdc3cb82eaa0aaa03b4b08f0908069ed86de4ea
SHA512

4ab988615473a2ec2da09ace4082359d559326dfcaeee21cc71b553e41d9df961cee3bddce0879089a54cdaea1bce379d99eac4442874ee67a3968deea6f7baf

Score

10^/10

gandcrab backdoor persistence ransomware

Malware Config

Targets

- Target
  
  b7680a5071367e5e4f8412bc5cdc3cb82eaa0aaa03b4b08f0908069ed86de4ea
- Size
  
  266KB
- MD5
  
  8d7f8e4240f451ad0d96b255f4c9dfb6
- SHA1
  
  8529fe7c200ce765610b748a966ed204c7ae879e
- SHA256
  
  b7680a5071367e5e4f8412bc5cdc3cb82eaa0aaa03b4b08f0908069ed86de4ea
- SHA512
  
  4ab988615473a2ec2da09ace4082359d559326dfcaeee21cc71b553e41d9df961cee3bddce0879089a54cdaea1bce379d99eac4442874ee67a3968deea6f7baf
Score

10^/10

gandcrab backdoor persistence ransomware
- GandCrab Payload
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gandcrabbackdoorpersistenceransomware

behavioral2

gandcrabbackdoorpersistenceransomware