gandcrab | 0dec77c6823f250d33a9944f90d80d5caac802527edf2b976d66e5caed7a1df9 | Triage

Sharing

General

Target

0dec77c6823f250d33a9944f90d80d5caac802527edf2b976d66e5caed7a1df9
Size

281KB
Sample

210518-xz5w5zgh6s
MD5

10e9474b074df84c221191e4ec4170ce
SHA1

41c8c06a405bf63606364988b67b66820265d296
SHA256

0dec77c6823f250d33a9944f90d80d5caac802527edf2b976d66e5caed7a1df9
SHA512

54be1d9d9c453e6e8640029ab59bdfc908ce2ba7ff432f830abab42f1a01b642a7c45926a74d6ffed262ee510406043b4b22139cd072426911fdd9f9daf10c93

Score

10^/10

gandcrab backdoor persistence ransomware

Malware Config

Targets

- Target
  
  0dec77c6823f250d33a9944f90d80d5caac802527edf2b976d66e5caed7a1df9
- Size
  
  281KB
- MD5
  
  10e9474b074df84c221191e4ec4170ce
- SHA1
  
  41c8c06a405bf63606364988b67b66820265d296
- SHA256
  
  0dec77c6823f250d33a9944f90d80d5caac802527edf2b976d66e5caed7a1df9
- SHA512
  
  54be1d9d9c453e6e8640029ab59bdfc908ce2ba7ff432f830abab42f1a01b642a7c45926a74d6ffed262ee510406043b4b22139cd072426911fdd9f9daf10c93
Score

10^/10

gandcrab backdoor persistence ransomware
- GandCrab Payload
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gandcrabbackdoorpersistenceransomware

behavioral2

gandcrabbackdoorpersistenceransomware