gandcrab | 6be8dbcb1f0e64cee8f1824cdbd846aee916a363d20414467f166f352cd02724 | Triage

Submit
Reports

Overview

overview

Static

static

6be8dbcb1f...24.exe

windows7_x64

6be8dbcb1f...24.exe

windows10-2004_x64

Sharing

General

Target

6be8dbcb1f0e64cee8f1824cdbd846aee916a363d20414467f166f352cd02724
Size

226KB
Sample

220625-j2hkeaefh5
MD5

4fb4be15ffd29af8150f520671a85fe3
SHA1

9b4be9a5859a283e83b7ae3ec7f4c1509774ede9
SHA256

6be8dbcb1f0e64cee8f1824cdbd846aee916a363d20414467f166f352cd02724
SHA512

9aadd93db0ff81420f1e26598ee49387f7e4f35d7efe876a9af90bea0415822be05b37e7c1ceed2caeac1e261c4ab6ebdb5172eaf8c144632d4f9444d903e217

Score

10^/10

gandcrab backdoor persistence ransomware suricata

Static task

static1

Behavioral task

behavioral1

Sample

6be8dbcb1f0e64cee8f1824cdbd846aee916a363d20414467f166f352cd02724.exe

Resource

win7-20220414-en

gandcrab backdoor persistence ransomware suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

6be8dbcb1f0e64cee8f1824cdbd846aee916a363d20414467f166f352cd02724.exe

Resource

win10v2004-20220414-en

gandcrab backdoor ransomware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  6be8dbcb1f0e64cee8f1824cdbd846aee916a363d20414467f166f352cd02724
- Size
  
  226KB
- MD5
  
  4fb4be15ffd29af8150f520671a85fe3
- SHA1
  
  9b4be9a5859a283e83b7ae3ec7f4c1509774ede9
- SHA256
  
  6be8dbcb1f0e64cee8f1824cdbd846aee916a363d20414467f166f352cd02724
- SHA512
  
  9aadd93db0ff81420f1e26598ee49387f7e4f35d7efe876a9af90bea0415822be05b37e7c1ceed2caeac1e261c4ab6ebdb5172eaf8c144632d4f9444d903e217
Score

10^/10

gandcrab backdoor persistence ransomware suricata
- GandCrab Payload
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- suricata: ET MALWARE Observed GandCrab Ransomware Domain (carder .bit in DNS Lookup)
  suricata: ET MALWARE Observed GandCrab Ransomware Domain (carder .bit in DNS Lookup)
  suricata
- suricata: ET MALWARE Observed GandCrab Ransomware Domain (ransomware .bit in DNS Lookup)
  suricata: ET MALWARE Observed GandCrab Ransomware Domain (ransomware .bit in DNS Lookup)
  suricata
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gandcrabbackdoorpersistenceransomwaresuricata

behavioral2

gandcrabbackdoorransomware

© 2018-2024

Terms | Privacy