Description
Gandcrab is a Trojan horse that encrypts files on a computer.
ToDesk_Lite.exe
General
Target
Size
Sample
ToDesk_Lite.exe
6MB
210702-mee6653ca6
Score
10 /10
MD5
SHA1
SHA256
SHA512
ce5ab2494fc91c67248bbdb085b747c2
bdc554a291a4c4e2bf2490522aa70d0ff262cba7
4a36398050b818b3ea0067685fc31cedbe3efa017ae741774c527c9391ec26a6
a60d8225cf8c497f8364adde5467ba6872fd56692650b324815c7eec676e263776be8f7aa442e21d3cb733d5d7544d4e6001a2f8a5834f1b834c9de222b0cbc0
Malware Config
Targets
Target
MD5
Filesize
ToDesk_Lite.exe
ce5ab2494fc91c67248bbdb085b747c2
6MB
Score
10/10
SHA1
SHA256
SHA512
bdc554a291a4c4e2bf2490522aa70d0ff262cba7
4a36398050b818b3ea0067685fc31cedbe3efa017ae741774c527c9391ec26a6
a60d8225cf8c497f8364adde5467ba6872fd56692650b324815c7eec676e263776be8f7aa442e21d3cb733d5d7544d4e6001a2f8a5834f1b834c9de222b0cbc0
Tags
Signatures
-
GandCrab Payload
-
Gandcrab
-
Deletes shadow copies
Description
Ransomware often targets backup files to inhibit system recovery.
Tags
TTPs
-
Modifies boot configuration data using bcdedit
Tags
TTPs
-
Executes dropped EXE
-
UPX packed file
Description
Detects executables packed with UPX/modified UPX open source packer.
Tags
-
Loads dropped DLL
-
Adds Run key to start application
Tags
TTPs
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Description
Attempts to read the root path of hard drives other than the default C: drive.
TTPs
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
Tags
TTPs
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks