gandcrab | f0837b5300016de29c83c8a6dbe84838920ca0f121e7b5863c5c7999b5131dcc | Triage

Sharing

General

Target

f0837b5300016de29c83c8a6dbe84838920ca0f121e7b5863c5c7999b5131dcc
Size

320KB
Sample

210518-sdltyqfjsx
MD5

ba87d6f2b65715f0807e3516006e4e4f
SHA1

9a03981ee8191644a6d8d2ca5632e01cf1aa4eb3
SHA256

f0837b5300016de29c83c8a6dbe84838920ca0f121e7b5863c5c7999b5131dcc
SHA512

6f162b3086621b08f43de3ff3284145f38fccd79ff319587f6914845a9df47eb327cced9b834b7335cc5afe14ae31dee0d73caae8d88f34b02d9783a0645bbe4

Score

10^/10

gandcrab backdoor persistence ransomware

Malware Config

Targets

- Target
  
  f0837b5300016de29c83c8a6dbe84838920ca0f121e7b5863c5c7999b5131dcc
- Size
  
  320KB
- MD5
  
  ba87d6f2b65715f0807e3516006e4e4f
- SHA1
  
  9a03981ee8191644a6d8d2ca5632e01cf1aa4eb3
- SHA256
  
  f0837b5300016de29c83c8a6dbe84838920ca0f121e7b5863c5c7999b5131dcc
- SHA512
  
  6f162b3086621b08f43de3ff3284145f38fccd79ff319587f6914845a9df47eb327cced9b834b7335cc5afe14ae31dee0d73caae8d88f34b02d9783a0645bbe4
Score

10^/10

gandcrab backdoor persistence ransomware
- GandCrab Payload
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

gandcrabbackdoorpersistenceransomware