GandCrab.bin.zip

General
Target

GandCrab.bin.zip

Size

77KB

Sample

211202-t6bb1aaecr

Score
10/10
MD5

72be875402edd8499941a012621ca01b

SHA1

41ec8aa592ca9bb917782e7ab30abcecec756ecb

SHA256

330097c6070ef1e4f773d87c0e53e64ca41dc5bbc22acd4ccece890ddd953b2c

SHA512

c33d22064735b0ed0524e6f43148852007b6abeb7fdec70d618d68ce0230dbde199c542e3a9158d08b2a38b31ecf94fd07a057b4b209b7af735374588bca7266

Malware Config
Targets
Target

GandCrab.bin

MD5

07fadb006486953439ce0092651fd7a6

Filesize

183KB

Score
10/10
SHA1

e42431d37561cc695de03b85e8e99c9e31321742

SHA256

d77378dcc42b912e514d3bd4466cdda050dda9b57799a6c97f70e8489dd8c8d0

SHA512

5b09a07371bb5350b22c78aa3e7e673ba61ce72a964e072749a4633e2c15f416c05953cc6e6f6c586df010aa7f2c9c0ab87a014e4f732e5fdb2d58778a1fb437

Tags

Signatures

  • Gandcrab

    Description

    Gandcrab is a Trojan horse that encrypts files on a computer.

    Tags

  • suricata: ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity

    Description

    suricata: ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity

    Tags

  • Deletes shadow copies

    Description

    Ransomware often targets backup files to inhibit system recovery.

    Tags

    TTPs

    File Deletion; Inhibit System Recovery

  • Modifies extensions of user files

    Description

    Ransomware generally changes the extension on encrypted files.

    Tags

  • Drops startup file

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local System; Credentials in Files

  • Enumerates connected drives

    Description

    Attempts to read the root path of hard drives other than the default C: drive.

    TTPs

    Query Registry; Peripheral Device Discovery; System Information Discovery

  • Sets desktop wallpaper using registry

    Tags

    TTPs

    Defacement; Modify Registry

Related Tasks

MITRE ATT&CK Matrix (tactic columns)

  • Command and Control
  • Credential Access
  • Execution
  • Exfiltration
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation