gandcrab | d0c87a7417e4f1a2c53f501a840e9b690099edf0e64b8aa82d03e1d6ca36e08b | Triage

Sharing

General

Target

d0c87a7417e4f1a2c53f501a840e9b690099edf0e64b8aa82d03e1d6ca36e08b
Size

266KB
Sample

210518-nrtq1edhb6
MD5

7d5a69163b3082d14396182b250a7003
SHA1

6a8606e62d54cfa04eec7282949493e6eb2dd166
SHA256

d0c87a7417e4f1a2c53f501a840e9b690099edf0e64b8aa82d03e1d6ca36e08b
SHA512

4d0363384dff4355574e9d7afbc9cfc4038aafd2daba3111dd64f299261e384f9e6671ba88adac6548c69242d2dd3c1b22db8eb48749fe28416274ca16a41a3f

Score

10^/10

gandcrab backdoor persistence ransomware

Malware Config

Targets

- Target
  
  d0c87a7417e4f1a2c53f501a840e9b690099edf0e64b8aa82d03e1d6ca36e08b
- Size
  
  266KB
- MD5
  
  7d5a69163b3082d14396182b250a7003
- SHA1
  
  6a8606e62d54cfa04eec7282949493e6eb2dd166
- SHA256
  
  d0c87a7417e4f1a2c53f501a840e9b690099edf0e64b8aa82d03e1d6ca36e08b
- SHA512
  
  4d0363384dff4355574e9d7afbc9cfc4038aafd2daba3111dd64f299261e384f9e6671ba88adac6548c69242d2dd3c1b22db8eb48749fe28416274ca16a41a3f
Score

10^/10

gandcrab backdoor persistence ransomware
- GandCrab Payload
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gandcrabbackdoorpersistenceransomware

behavioral2

gandcrabbackdoorpersistenceransomware