Overview

overview

10

Static

static

ca67847495...b6.exe

windows7_x64

10

ca67847495...b6.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ca678474955a77947a0a6be5a6d4e31f9243dda6926ac5d8a21befd91d8212b6

  • Size

    308KB

  • Sample

    210518-qe881vd9bn

  • MD5

    b81c2e0de91706d2bd9c40c7b90ef34d

  • SHA1

    7d808c534ee7b139c9718a8cdea7205172c52d1b

  • SHA256

    ca678474955a77947a0a6be5a6d4e31f9243dda6926ac5d8a21befd91d8212b6

  • SHA512

    70587f4ff478596ee81b6d96986e5b159c8b06d0504931b3514313eddaf41aa4981e30eec927823dea73b22c10e82f7c645a960541bc0d70809e3e77cdc9a0c8

Score
10/10
gandcrabbackdoorpersistenceransomware

Malware Config

Targets

    • Target

      ca678474955a77947a0a6be5a6d4e31f9243dda6926ac5d8a21befd91d8212b6

    • Size

      308KB

    • MD5

      b81c2e0de91706d2bd9c40c7b90ef34d

    • SHA1

      7d808c534ee7b139c9718a8cdea7205172c52d1b

    • SHA256

      ca678474955a77947a0a6be5a6d4e31f9243dda6926ac5d8a21befd91d8212b6

    • SHA512

      70587f4ff478596ee81b6d96986e5b159c8b06d0504931b3514313eddaf41aa4981e30eec927823dea73b22c10e82f7c645a960541bc0d70809e3e77cdc9a0c8

    Score
    10/10
    gandcrabbackdoorpersistenceransomware

    • GandCrab Payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

      ransomwarebackdoorgandcrab

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks