Description
Gandcrab is a Trojan horse that encrypts files on a computer.
d77378dcc42b912e514d3bd4466cdda050dda9b57799a6c97f70e8489dd8c8d0.sample
General
Target
Size
Sample
d77378dcc42b912e514d3bd4466cdda050dda9b57799a6c97f70e8489dd8c8d0.sample
183KB
210726-cexktt5h1x
Score
10 /10
MD5
SHA1
SHA256
SHA512
07fadb006486953439ce0092651fd7a6
e42431d37561cc695de03b85e8e99c9e31321742
d77378dcc42b912e514d3bd4466cdda050dda9b57799a6c97f70e8489dd8c8d0
5b09a07371bb5350b22c78aa3e7e673ba61ce72a964e072749a4633e2c15f416c05953cc6e6f6c586df010aa7f2c9c0ab87a014e4f732e5fdb2d58778a1fb437
Malware Config
Targets
Target
MD5
Filesize
d77378dcc42b912e514d3bd4466cdda050dda9b57799a6c97f70e8489dd8c8d0.sample
07fadb006486953439ce0092651fd7a6
183KB
Score
10/10
SHA1
SHA256
SHA512
e42431d37561cc695de03b85e8e99c9e31321742
d77378dcc42b912e514d3bd4466cdda050dda9b57799a6c97f70e8489dd8c8d0
5b09a07371bb5350b22c78aa3e7e673ba61ce72a964e072749a4633e2c15f416c05953cc6e6f6c586df010aa7f2c9c0ab87a014e4f732e5fdb2d58778a1fb437
Tags
Signatures
-
Gandcrab
-
suricata: ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
Tags
-
Deletes shadow copies
Description
Ransomware often targets backup files to inhibit system recovery.
Tags
TTPs
-
Modifies extensions of user files
Description
Ransomware generally changes the extension on encrypted files.
Tags
-
Drops startup file
-
Reads user/profile data of web browsers
Description
Infostealers often target stored browser data, which can include saved credentials etc.
Tags
TTPs
-
Enumerates connected drives
Description
Attempts to read the root path of hard drives other than the default C: drive.
TTPs
-
Sets desktop wallpaper using registry
Tags
TTPs
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks