gandcrab | 4a36398050b818b3ea0067685fc31cedbe3efa017ae741774c527c9391ec26a6 | Triage

Submit
Reports

Overview

overview

Static

static

8

ToDesk_Lite.exe

windows7_x64

ToDesk_Lite.exe

windows10_x64

5

Resubmissions

09-07-2021 13:58

210709-xk3hc7raax 8

02-07-2021 15:48

210702-mee6653ca6 10

Sharing

General

Target

ToDesk_Lite.exe
Size

6.4MB
Sample

210702-mee6653ca6
MD5

ce5ab2494fc91c67248bbdb085b747c2
SHA1

bdc554a291a4c4e2bf2490522aa70d0ff262cba7
SHA256

4a36398050b818b3ea0067685fc31cedbe3efa017ae741774c527c9391ec26a6
SHA512

a60d8225cf8c497f8364adde5467ba6872fd56692650b324815c7eec676e263776be8f7aa442e21d3cb733d5d7544d4e6001a2f8a5834f1b834c9de222b0cbc0

Score

10^/10

gandcrab backdoor evasion persistence ransomware upx

Static task

static1

Behavioral task

behavioral1

Sample

ToDesk_Lite.exe

Resource

win7v20210408

gandcrab backdoor evasion persistence ransomware upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ToDesk_Lite.exe

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  ToDesk_Lite.exe
- Size
  
  6.4MB
- MD5
  
  ce5ab2494fc91c67248bbdb085b747c2
- SHA1
  
  bdc554a291a4c4e2bf2490522aa70d0ff262cba7
- SHA256
  
  4a36398050b818b3ea0067685fc31cedbe3efa017ae741774c527c9391ec26a6
- SHA512
  
  a60d8225cf8c497f8364adde5467ba6872fd56692650b324815c7eec676e263776be8f7aa442e21d3cb733d5d7544d4e6001a2f8a5834f1b834c9de222b0cbc0
Score

10^/10

gandcrab backdoor evasion persistence ransomware upx
- GandCrab Payload
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Command-Line Interface

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

File Deletion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Defacement

Tasks

static1

behavioral1

gandcrabbackdoorevasionpersistenceransomwareupx

behavioral2

© 2018-2024

Terms | Privacy