d77378dcc42b912e514d3bd4466cdda050dda9b57799a6c97f70e8489dd8c8d0.sample

General

Target: d77378dcc42b912e514d3bd4466cdda050dda9b57799a6c97f70e8489dd8c8d0.sample
Size: 183KB
Sample: 210726-cexktt5h1x
Score: 10/10
MD5: 07fadb006486953439ce0092651fd7a6
SHA1: e42431d37561cc695de03b85e8e99c9e31321742
SHA256: d77378dcc42b912e514d3bd4466cdda050dda9b57799a6c97f70e8489dd8c8d0
SHA512: 5b09a07371bb5350b22c78aa3e7e673ba61ce72a964e072749a4633e2c15f416c05953cc6e6f6c586df010aa7f2c9c0ab87a014e4f732e5fdb2d58778a1fb437

Malware Config

Targets

Target: d77378dcc42b912e514d3bd4466cdda050dda9b57799a6c97f70e8489dd8c8d0.sample
Signatures

  • Gandcrab
    Description: Gandcrab is a Trojan horse that encrypts files on a computer.

  • suricata: ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity

  • Deletes shadow copies
    Description: Ransomware often targets backup files to inhibit system recovery.
    TTPs: File Deletion, Inhibit System Recovery

  • Modifies extensions of user files
    Description: Ransomware generally changes the extension on encrypted files.

  • Drops startup file

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials etc.
    TTPs: Data from Local System, Credentials in Files

  • Enumerates connected drives
    Description: Attempts to read the root path of hard drives other than the default C: drive.
    TTPs: Query Registry, Peripheral Device Discovery, System Information Discovery

  • Sets desktop wallpaper using registry
    TTPs: Defacement, Modify Registry

MITRE ATT&CK Matrix

Tactics: Command and Control, Credential Access, Execution, Exfiltration, Initial Access, Lateral Movement, Persistence, Privilege Escalation