General
-
Target
GandCrab.bin.zip
-
Size
77KB
-
Sample
211202-t6bb1aaecr
-
MD5
72be875402edd8499941a012621ca01b
-
SHA1
41ec8aa592ca9bb917782e7ab30abcecec756ecb
-
SHA256
330097c6070ef1e4f773d87c0e53e64ca41dc5bbc22acd4ccece890ddd953b2c
-
SHA512
c33d22064735b0ed0524e6f43148852007b6abeb7fdec70d618d68ce0230dbde199c542e3a9158d08b2a38b31ecf94fd07a057b4b209b7af735374588bca7266
Malware Config
Targets
-
-
Target
GandCrab.bin
-
Size
183KB
-
MD5
07fadb006486953439ce0092651fd7a6
-
SHA1
e42431d37561cc695de03b85e8e99c9e31321742
-
SHA256
d77378dcc42b912e514d3bd4466cdda050dda9b57799a6c97f70e8489dd8c8d0
-
SHA512
5b09a07371bb5350b22c78aa3e7e673ba61ce72a964e072749a4633e2c15f416c05953cc6e6f6c586df010aa7f2c9c0ab87a014e4f732e5fdb2d58778a1fb437
Score10/10-
Gandcrab
Gandcrab is a Trojan horse that encrypts files on a computer.
-
suricata: ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
suricata: ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-