d676688e28f77f7de33e62c4b3d70d969e3a4731c5bfd3ffd86166a6506c9237

Target

Size

270KB

Sample

210830-fpsger1m6x

Score

10 ^/10

MD5

347b740d9f2cb1b8fae6f8f82a81680d

SHA1

98cef0e05cf642afc1ae7ec048915482d4e4776e

SHA256

d676688e28f77f7de33e62c4b3d70d969e3a4731c5bfd3ffd86166a6506c9237

SHA512

b23c558208b9a96571aedafb15b5c046ac6051c6727db0334e0bfd068d6fabc924b79fd8c98bad7ce7a253834e471d99bc7e07085fb9cfc7a798ac5a08491460

Target

d676688e28f77f7de33e62c4b3d70d969e3a4731c5bfd3ffd86166a6506c9237

MD5

347b740d9f2cb1b8fae6f8f82a81680d

Filesize

270KB

Score

10^/10

SHA1

98cef0e05cf642afc1ae7ec048915482d4e4776e

SHA256

d676688e28f77f7de33e62c4b3d70d969e3a4731c5bfd3ffd86166a6506c9237

SHA512

b23c558208b9a96571aedafb15b5c046ac6051c6727db0334e0bfd068d6fabc924b79fd8c98bad7ce7a253834e471d99bc7e07085fb9cfc7a798ac5a08491460

Signatures

GandCrab Payload
Gandcrab
Description

Gandcrab is a Trojan horse that encrypts files on a computer.
Tags

ransomware backdoor gandcrab
suricata: ET MALWARE Observed GandCrab Ransomware CnC/IP Check Domain (gdcb .bit in DNS Lookup)
Description

suricata: ET MALWARE Observed GandCrab Ransomware CnC/IP Check Domain (gdcb .bit in DNS Lookup)
Tags

suricata
suricata: ET MALWARE Observed GandCrab Ransomware CnC/IP Check Domain (malwarehunterteam .bit in DNS Lookup)
Description

suricata: ET MALWARE Observed GandCrab Ransomware CnC/IP Check Domain (malwarehunterteam .bit in DNS Lookup)
Tags

suricata
suricata: ET MALWARE Observed GandCrab Ransomware CnC/IP Check Domain (politiaromana .bit in DNS Lookup)
Description

suricata: ET MALWARE Observed GandCrab Ransomware CnC/IP Check Domain (politiaromana .bit in DNS Lookup)
Tags

suricata
Adds Run key to start application
Tags

persistence

TTPs

Registry Run Keys / Startup FolderModify Registry
Enumerates connected drives
Description

Attempts to read the root path of hard drives other than the default C: drive.
TTPs

Query RegistryPeripheral Device DiscoverySystem Information Discovery

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

static1

behavioral1

gandcrab backdoor persistence ransomware suricata

10^/10

behavioral2

gandcrab backdoor persistence ransomware suricata

10^/10

Tags

Signatures

GandCrab Payload

Gandcrab

Description

Tags

suricata: ET MALWARE Observed GandCrab Ransomware CnC/IP Check Domain (gdcb .bit in DNS Lookup)

Description

Tags

suricata: ET MALWARE Observed GandCrab Ransomware CnC/IP Check Domain (malwarehunterteam .bit in DNS Lookup)

Description

Tags

suricata: ET MALWARE Observed GandCrab Ransomware CnC/IP Check Domain (politiaromana .bit in DNS Lookup)

Description

Tags

Adds Run key to start application

Tags

TTPs

Enumerates connected drives

Description

TTPs

Related Tasks

static1

behavioral1

behavioral2