gandcrab | 01e9015800df876184d3bc55af1f780c96df74369df8c36d55287169d3373e0f | Triage

Submit
Reports

Overview

overview

Static

static

01e9015800...0f.exe

windows7_x64

01e9015800...0f.exe

windows10-2004_x64

Sharing

General

Target

01e9015800df876184d3bc55af1f780c96df74369df8c36d55287169d3373e0f
Size

185KB
Sample

220523-vynsssggg6
MD5

6dbf82c8513460cbc7d6d2c3b7585295
SHA1

102e78e10c0c20c7f56f68192296b78e11b5397a
SHA256

01e9015800df876184d3bc55af1f780c96df74369df8c36d55287169d3373e0f
SHA512

41460058be5503bd319a85a84406902559d1f31917f5819f51f95ca69cb6623327477acadeddda0631c563a3665d4b56e38966f12a0bc2248f2e30860621bc2d

Score

10^/10

gandcrab backdoor persistence ransomware suricata

Static task

static1

Behavioral task

behavioral1

Sample

01e9015800df876184d3bc55af1f780c96df74369df8c36d55287169d3373e0f.exe

Resource

win7-20220414-en

gandcrab backdoor persistence ransomware suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

01e9015800df876184d3bc55af1f780c96df74369df8c36d55287169d3373e0f.exe

Resource

win10v2004-20220414-en

gandcrab backdoor ransomware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  01e9015800df876184d3bc55af1f780c96df74369df8c36d55287169d3373e0f
- Size
  
  185KB
- MD5
  
  6dbf82c8513460cbc7d6d2c3b7585295
- SHA1
  
  102e78e10c0c20c7f56f68192296b78e11b5397a
- SHA256
  
  01e9015800df876184d3bc55af1f780c96df74369df8c36d55287169d3373e0f
- SHA512
  
  41460058be5503bd319a85a84406902559d1f31917f5819f51f95ca69cb6623327477acadeddda0631c563a3665d4b56e38966f12a0bc2248f2e30860621bc2d
Score

10^/10

gandcrab backdoor persistence ransomware suricata
- GandCrab Payload
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- suricata: ET MALWARE Observed GandCrab Ransomware Domain (carder .bit in DNS Lookup)
  suricata: ET MALWARE Observed GandCrab Ransomware Domain (carder .bit in DNS Lookup)
  suricata
- suricata: ET MALWARE Observed GandCrab Ransomware Domain (ransomware .bit in DNS Lookup)
  suricata: ET MALWARE Observed GandCrab Ransomware Domain (ransomware .bit in DNS Lookup)
  suricata
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gandcrabbackdoorpersistenceransomwaresuricata

behavioral2

gandcrabbackdoorransomware

© 2018-2024

Terms | Privacy