gandcrab | d77378dcc42b912e514d3bd4466cdda050dda9b57799a6c97f70e8489dd8c8d0 | Triage

Submit
Reports

Overview

overview

Static

static

d77378dcc4...le.exe

windows7_x64

d77378dcc4...le.exe

windows10_x64

Sharing

General

Target

d77378dcc42b912e514d3bd4466cdda050dda9b57799a6c97f70e8489dd8c8d0.sample
Size

183KB
Sample

210726-cexktt5h1x
MD5

07fadb006486953439ce0092651fd7a6
SHA1

e42431d37561cc695de03b85e8e99c9e31321742
SHA256

d77378dcc42b912e514d3bd4466cdda050dda9b57799a6c97f70e8489dd8c8d0
SHA512

5b09a07371bb5350b22c78aa3e7e673ba61ce72a964e072749a4633e2c15f416c05953cc6e6f6c586df010aa7f2c9c0ab87a014e4f732e5fdb2d58778a1fb437

Score

10^/10

gandcrab backdoor ransomware spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

d77378dcc42b912e514d3bd4466cdda050dda9b57799a6c97f70e8489dd8c8d0.sample.exe

Resource

win7v20210408

gandcrab backdoor ransomware spyware stealer suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

d77378dcc42b912e514d3bd4466cdda050dda9b57799a6c97f70e8489dd8c8d0.sample.exe

Resource

win10v20210408

gandcrab backdoor ransomware spyware stealer suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  d77378dcc42b912e514d3bd4466cdda050dda9b57799a6c97f70e8489dd8c8d0.sample
- Size
  
  183KB
- MD5
  
  07fadb006486953439ce0092651fd7a6
- SHA1
  
  e42431d37561cc695de03b85e8e99c9e31321742
- SHA256
  
  d77378dcc42b912e514d3bd4466cdda050dda9b57799a6c97f70e8489dd8c8d0
- SHA512
  
  5b09a07371bb5350b22c78aa3e7e673ba61ce72a964e072749a4633e2c15f416c05953cc6e6f6c586df010aa7f2c9c0ab87a014e4f732e5fdb2d58778a1fb437
Score

10^/10

gandcrab backdoor ransomware spyware stealer suricata
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- suricata: ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
  suricata
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Defacement

Inhibit System Recovery

Tasks

static1

behavioral1

gandcrabbackdoorransomwarespywarestealersuricata

behavioral2

gandcrabbackdoorransomwarespywarestealersuricata

© 2018-2025

Terms | Privacy