Description
Gandcrab is a Trojan horse that encrypts files on a computer.
GandCrab.bin.zip
General
Target
Size
Sample
GandCrab.bin.zip
77KB
211202-t6bb1aaecr
Score
10 /10
MD5
SHA1
SHA256
SHA512
72be875402edd8499941a012621ca01b
41ec8aa592ca9bb917782e7ab30abcecec756ecb
330097c6070ef1e4f773d87c0e53e64ca41dc5bbc22acd4ccece890ddd953b2c
c33d22064735b0ed0524e6f43148852007b6abeb7fdec70d618d68ce0230dbde199c542e3a9158d08b2a38b31ecf94fd07a057b4b209b7af735374588bca7266
Malware Config
Targets
Target
MD5
Filesize
GandCrab.bin
07fadb006486953439ce0092651fd7a6
183KB
Score
10/10
SHA1
SHA256
SHA512
e42431d37561cc695de03b85e8e99c9e31321742
d77378dcc42b912e514d3bd4466cdda050dda9b57799a6c97f70e8489dd8c8d0
5b09a07371bb5350b22c78aa3e7e673ba61ce72a964e072749a4633e2c15f416c05953cc6e6f6c586df010aa7f2c9c0ab87a014e4f732e5fdb2d58778a1fb437
Tags
Signatures
-
Gandcrab
-
suricata: ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
Description
suricata: ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
Tags
-
Deletes shadow copies
Description
Ransomware often targets backup files to inhibit system recovery.
Tags
TTPs
-
Modifies extensions of user files
Description
Ransomware generally changes the extension on encrypted files.
Tags
-
Drops startup file
-
Reads user/profile data of web browsers
Description
Infostealers often target stored browser data, which can include saved credentials etc.
Tags
TTPs
-
Enumerates connected drives
Description
Attempts to read the root path of hard drives other than the default C: drive.
TTPs
-
Sets desktop wallpaper using registry
Tags
TTPs
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks