Overview

overview

10

Static

static

6489e2868a...69.exe

windows7_x64

10

6489e2868a...69.exe

windows10_x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6489e2868a114ab937c472030ad5842add420acfe0c1fb23d483134921de8e69

  • Size

    324KB

  • Sample

    210518-vz1r6w378a

  • MD5

    5fb7d3d6c34cde7f8b23089529651f3a

  • SHA1

    fea93433ca9c41a2c8d0e38cfcdc28f37848f58d

  • SHA256

    6489e2868a114ab937c472030ad5842add420acfe0c1fb23d483134921de8e69

  • SHA512

    f05e61f782bae13f37a50aeaa72ccb52a23974b4a454e564f77b6de13b2bcb8e1ecf30e09bbfa935d2be347a3d8412d20d383aca1c282f4f4b30509cb696ff04

Score
10/10
gandcrabbackdoorpersistenceransomware

Malware Config

Targets

    • Target

      6489e2868a114ab937c472030ad5842add420acfe0c1fb23d483134921de8e69

    • Size

      324KB

    • MD5

      5fb7d3d6c34cde7f8b23089529651f3a

    • SHA1

      fea93433ca9c41a2c8d0e38cfcdc28f37848f58d

    • SHA256

      6489e2868a114ab937c472030ad5842add420acfe0c1fb23d483134921de8e69

    • SHA512

      f05e61f782bae13f37a50aeaa72ccb52a23974b4a454e564f77b6de13b2bcb8e1ecf30e09bbfa935d2be347a3d8412d20d383aca1c282f4f4b30509cb696ff04

    Score
    10/10
    gandcrabbackdoorpersistenceransomware

    • GandCrab Payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

      ransomwarebackdoorgandcrab

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks