gandcrab | 2d9daac7915ae801cd4567531c63762cc7be7c92fab458be1122a8fc637a42ec | Triage

Submit
Reports

Overview

overview

Static

static

2d9daac791...ec.exe

windows7_x64

2d9daac791...ec.exe

windows10-2004_x64

Sharing

General

Target

2d9daac7915ae801cd4567531c63762cc7be7c92fab458be1122a8fc637a42ec
Size

256KB
Sample

220622-rwcqzabef5
MD5

e435ada682452154c0929068fa84f587
SHA1

4b46b7f352d5049f39e965f019c04f2ab07ad0f0
SHA256

2d9daac7915ae801cd4567531c63762cc7be7c92fab458be1122a8fc637a42ec
SHA512

b2d53406b655a470e250d6beb1a59ae5b62131775f01519beafea9cdcd9420bae8b2f897055c953cb441afeda90db0815f68ad9abef724ab0b37806603a9620d

Score

10^/10

gandcrab backdoor persistence ransomware suricata

Static task

static1

Behavioral task

behavioral1

Sample

2d9daac7915ae801cd4567531c63762cc7be7c92fab458be1122a8fc637a42ec.exe

Resource

win7-20220414-en

gandcrab backdoor persistence ransomware suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

2d9daac7915ae801cd4567531c63762cc7be7c92fab458be1122a8fc637a42ec.exe

Resource

win10v2004-20220414-en

gandcrab backdoor ransomware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  2d9daac7915ae801cd4567531c63762cc7be7c92fab458be1122a8fc637a42ec
- Size
  
  256KB
- MD5
  
  e435ada682452154c0929068fa84f587
- SHA1
  
  4b46b7f352d5049f39e965f019c04f2ab07ad0f0
- SHA256
  
  2d9daac7915ae801cd4567531c63762cc7be7c92fab458be1122a8fc637a42ec
- SHA512
  
  b2d53406b655a470e250d6beb1a59ae5b62131775f01519beafea9cdcd9420bae8b2f897055c953cb441afeda90db0815f68ad9abef724ab0b37806603a9620d
Score

10^/10

gandcrab backdoor persistence ransomware suricata
- GandCrab Payload
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- suricata: ET MALWARE Observed GandCrab Ransomware Domain (carder .bit in DNS Lookup)
  suricata: ET MALWARE Observed GandCrab Ransomware Domain (carder .bit in DNS Lookup)
  suricata
- suricata: ET MALWARE Observed GandCrab Ransomware Domain (ransomware .bit in DNS Lookup)
  suricata: ET MALWARE Observed GandCrab Ransomware Domain (ransomware .bit in DNS Lookup)
  suricata
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gandcrabbackdoorpersistenceransomwaresuricata

behavioral2

gandcrabbackdoorransomware

© 2018-2024

Terms | Privacy