gandcrab | 3917afdfa9cbaed0ed409df3d30d3efd1aaaf03fae5c03810336c118ec1aab76 | Triage

Submit
Reports

Overview

overview

Static

static

3917afdfa9...76.exe

windows7_x64

3917afdfa9...76.exe

windows10-2004_x64

Sharing

General

Target

3917afdfa9cbaed0ed409df3d30d3efd1aaaf03fae5c03810336c118ec1aab76
Size

207KB
Sample

220625-wf235sebgn
MD5

aa6f9e075458a6592bfae515b846ae94
SHA1

adc9efdb229faffb2aa821e29ef13a15984bdce4
SHA256

3917afdfa9cbaed0ed409df3d30d3efd1aaaf03fae5c03810336c118ec1aab76
SHA512

7d1c90f7b921636a8e829f49ed60cd27129d32dd5eba2c628f76b4a78b62808c9a08235b1fbabf9290d823d21c7c8a35a504774e5b99c2b384bc1a500d44eea9

Score

10^/10

gandcrab backdoor persistence ransomware suricata

Static task

static1

Behavioral task

behavioral1

Sample

3917afdfa9cbaed0ed409df3d30d3efd1aaaf03fae5c03810336c118ec1aab76.exe

Resource

win7-20220414-en

gandcrab backdoor persistence ransomware suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

3917afdfa9cbaed0ed409df3d30d3efd1aaaf03fae5c03810336c118ec1aab76.exe

Resource

win10v2004-20220414-en

gandcrab backdoor ransomware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  3917afdfa9cbaed0ed409df3d30d3efd1aaaf03fae5c03810336c118ec1aab76
- Size
  
  207KB
- MD5
  
  aa6f9e075458a6592bfae515b846ae94
- SHA1
  
  adc9efdb229faffb2aa821e29ef13a15984bdce4
- SHA256
  
  3917afdfa9cbaed0ed409df3d30d3efd1aaaf03fae5c03810336c118ec1aab76
- SHA512
  
  7d1c90f7b921636a8e829f49ed60cd27129d32dd5eba2c628f76b4a78b62808c9a08235b1fbabf9290d823d21c7c8a35a504774e5b99c2b384bc1a500d44eea9
Score

10^/10

gandcrab backdoor persistence ransomware suricata
- GandCrab Payload
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- suricata: ET MALWARE Observed GandCrab Ransomware CnC/IP Check Domain (gdcb .bit in DNS Lookup)
  suricata: ET MALWARE Observed GandCrab Ransomware CnC/IP Check Domain (gdcb .bit in DNS Lookup)
  suricata
- suricata: ET MALWARE Observed GandCrab Ransomware CnC/IP Check Domain (malwarehunterteam .bit in DNS Lookup)
  suricata: ET MALWARE Observed GandCrab Ransomware CnC/IP Check Domain (malwarehunterteam .bit in DNS Lookup)
  suricata
- suricata: ET MALWARE Observed GandCrab Ransomware CnC/IP Check Domain (politiaromana .bit in DNS Lookup)
  suricata: ET MALWARE Observed GandCrab Ransomware CnC/IP Check Domain (politiaromana .bit in DNS Lookup)
  suricata
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gandcrabbackdoorpersistenceransomwaresuricata

behavioral2

gandcrabbackdoorransomware

© 2018-2024

Terms | Privacy