gandcrab | da7acec9380c8479d1131fdcec33107ecfac90c51e6fab9cb1a2e24b3098a606 | Triage

Submit
Reports

Overview

overview

Static

static

da7acec938...06.exe

windows7_x64

da7acec938...06.exe

windows10_x64

Sharing

General

Target

da7acec9380c8479d1131fdcec33107ecfac90c51e6fab9cb1a2e24b3098a606
Size

160KB
Sample

220128-wlqx3ahhdn
MD5

90f14f16e79d6e83fc296eb50db87059
SHA1

5f203d596f5c2261c6dd3024bc2ee27f7432eba6
SHA256

da7acec9380c8479d1131fdcec33107ecfac90c51e6fab9cb1a2e24b3098a606
SHA512

2f8586bc5727689a2e9a1e89af751e456e0ce80c22a4fdd9188ce9a2bb454ed7b74e14dec6fcdbe8efd9a2b0f9f204011bc93defd8f460452a3acc72ccc6ac38

Score

10^/10

gandcrab ransomware suricata

Static task

static1

Behavioral task

behavioral1

Sample

da7acec9380c8479d1131fdcec33107ecfac90c51e6fab9cb1a2e24b3098a606.exe

Resource

win7-en-20211208

ransomware suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

da7acec9380c8479d1131fdcec33107ecfac90c51e6fab9cb1a2e24b3098a606.exe

Resource

win10-en-20211208

ransomware suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  da7acec9380c8479d1131fdcec33107ecfac90c51e6fab9cb1a2e24b3098a606
- Size
  
  160KB
- MD5
  
  90f14f16e79d6e83fc296eb50db87059
- SHA1
  
  5f203d596f5c2261c6dd3024bc2ee27f7432eba6
- SHA256
  
  da7acec9380c8479d1131fdcec33107ecfac90c51e6fab9cb1a2e24b3098a606
- SHA512
  
  2f8586bc5727689a2e9a1e89af751e456e0ce80c22a4fdd9188ce9a2bb454ed7b74e14dec6fcdbe8efd9a2b0f9f204011bc93defd8f460452a3acc72ccc6ac38
Score

10^/10

ransomware suricata
- suricata: ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
  suricata: ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
  suricata
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Defacement

Tasks

static1

behavioral1

ransomwaresuricata

behavioral2

ransomwaresuricata

© 2018-2024

Terms | Privacy