gandcrab | 383b3db5ef6632aa4becbbbb6cc0323166e07338c979020fb43c3d19bbf16d87 | Triage

Submit
Reports

Overview

overview

Static

static

383b3db5ef...87.exe

windows7_x64

383b3db5ef...87.exe

windows10-2004_x64

Sharing

General

Target

383b3db5ef6632aa4becbbbb6cc0323166e07338c979020fb43c3d19bbf16d87
Size

324KB
Sample

220625-zhtfkabdcr
MD5

2d1edee79ebcffb65d864f32cefe253e
SHA1

62f3f68ea24e1ee36cd2cd6d7e5c41461e8fdafd
SHA256

383b3db5ef6632aa4becbbbb6cc0323166e07338c979020fb43c3d19bbf16d87
SHA512

5131fccb34c026de360de65fe75c9059cb43bb216a2df2e4a3987f892258c792abc890d38739bb680b545f17d77f6fe3844c8acc8f3bd3992333907913dc7441

Score

10^/10

gandcrab backdoor ransomware suricata

Static task

static1

Behavioral task

behavioral1

Sample

383b3db5ef6632aa4becbbbb6cc0323166e07338c979020fb43c3d19bbf16d87.exe

Resource

win7-20220414-en

gandcrab backdoor ransomware suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

383b3db5ef6632aa4becbbbb6cc0323166e07338c979020fb43c3d19bbf16d87.exe

Resource

win10v2004-20220414-en

gandcrab backdoor ransomware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  383b3db5ef6632aa4becbbbb6cc0323166e07338c979020fb43c3d19bbf16d87
- Size
  
  324KB
- MD5
  
  2d1edee79ebcffb65d864f32cefe253e
- SHA1
  
  62f3f68ea24e1ee36cd2cd6d7e5c41461e8fdafd
- SHA256
  
  383b3db5ef6632aa4becbbbb6cc0323166e07338c979020fb43c3d19bbf16d87
- SHA512
  
  5131fccb34c026de360de65fe75c9059cb43bb216a2df2e4a3987f892258c792abc890d38739bb680b545f17d77f6fe3844c8acc8f3bd3992333907913dc7441
Score

10^/10

gandcrab backdoor ransomware suricata
- GandCrab Payload
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- suricata: ET MALWARE Observed GandCrab Ransomware Domain (carder .bit in DNS Lookup)
  suricata: ET MALWARE Observed GandCrab Ransomware Domain (carder .bit in DNS Lookup)
  suricata
- suricata: ET MALWARE Observed GandCrab Ransomware Domain (ransomware .bit in DNS Lookup)
  suricata: ET MALWARE Observed GandCrab Ransomware Domain (ransomware .bit in DNS Lookup)
  suricata
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gandcrabbackdoorransomwaresuricata

behavioral2

gandcrabbackdoorransomware

© 2018-2024

Terms | Privacy