Malware sandboxing report by Hatching Triage

Sharing

Copy URL

Twitter E-mail

General

Target

GandCrab.bin.zip
Size

77KB
Sample

211202-t6bb1aaecr
MD5

72be875402edd8499941a012621ca01b
SHA1

41ec8aa592ca9bb917782e7ab30abcecec756ecb
SHA256

330097c6070ef1e4f773d87c0e53e64ca41dc5bbc22acd4ccece890ddd953b2c
SHA512

c33d22064735b0ed0524e6f43148852007b6abeb7fdec70d618d68ce0230dbde199c542e3a9158d08b2a38b31ecf94fd07a057b4b209b7af735374588bca7266

Score

10^/10

Malware Config

Targets

- Target
  
  GandCrab.bin
- Size
  
  183KB
- MD5
  
  07fadb006486953439ce0092651fd7a6
- SHA1
  
  e42431d37561cc695de03b85e8e99c9e31321742
- SHA256
  
  d77378dcc42b912e514d3bd4466cdda050dda9b57799a6c97f70e8489dd8c8d0
- SHA512
  
  5b09a07371bb5350b22c78aa3e7e673ba61ce72a964e072749a4633e2c15f416c05953cc6e6f6c586df010aa7f2c9c0ab87a014e4f732e5fdb2d58778a1fb437
Score

10^/10

gandcrab backdoor ransomware spyware stealer suricata
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- suricata: ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
  suricata: ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
  suricata
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Data from Local System

T1005

Command and Control

Credential Access

Credentials in Files

T1081

Defense Evasion

File Deletion

T1107

Modify Registry

T1112

Install Root Certificate

T1130

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Execution

Exfiltration

Impact

Inhibit System Recovery

T1490

Defacement

T1491

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

Sharing

General

Malware Config

Targets

Gandcrab

suricata: ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity

Deletes shadow copies

Modifies extensions of user files

Drops startup file

Reads user/profile data of web browsers

Enumerates connected drives

Sets desktop wallpaper using registry

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2