gandcrab | 36fdeb2abf80269259078d51391f9fcf224f262107bc0d6194e37dd021237b15 | Triage

Submit
Reports

Overview

overview

Static

static

36fdeb2abf...15.exe

windows7_x64

36fdeb2abf...15.exe

windows10-2004_x64

Sharing

General

Target

36fdeb2abf80269259078d51391f9fcf224f262107bc0d6194e37dd021237b15
Size

313KB
Sample

220626-a5mtvsafar
MD5

541aa6e73a72f2b169163c4f167ce653
SHA1

380e38fb4a4c56cbaa5c14a26ec433ce56691414
SHA256

36fdeb2abf80269259078d51391f9fcf224f262107bc0d6194e37dd021237b15
SHA512

c0db6d75d14c8237c1631e2d1620f5125c2e8ac8d902c778d4b36d78e6824d895642f49e5bb904fbec92352df454f91e49b437f90af2d4625e0aa4d6576d47aa

Score

10^/10

gandcrab backdoor persistence ransomware suricata

Static task

static1

Behavioral task

behavioral1

Sample

36fdeb2abf80269259078d51391f9fcf224f262107bc0d6194e37dd021237b15.exe

Resource

win7-20220414-en

gandcrab backdoor persistence ransomware suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

36fdeb2abf80269259078d51391f9fcf224f262107bc0d6194e37dd021237b15.exe

Resource

win10v2004-20220414-en

gandcrab backdoor ransomware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  36fdeb2abf80269259078d51391f9fcf224f262107bc0d6194e37dd021237b15
- Size
  
  313KB
- MD5
  
  541aa6e73a72f2b169163c4f167ce653
- SHA1
  
  380e38fb4a4c56cbaa5c14a26ec433ce56691414
- SHA256
  
  36fdeb2abf80269259078d51391f9fcf224f262107bc0d6194e37dd021237b15
- SHA512
  
  c0db6d75d14c8237c1631e2d1620f5125c2e8ac8d902c778d4b36d78e6824d895642f49e5bb904fbec92352df454f91e49b437f90af2d4625e0aa4d6576d47aa
Score

10^/10

gandcrab backdoor persistence ransomware suricata
- GandCrab Payload
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- suricata: ET MALWARE Observed GandCrab Ransomware Domain (carder .bit in DNS Lookup)
  suricata: ET MALWARE Observed GandCrab Ransomware Domain (carder .bit in DNS Lookup)
  suricata
- suricata: ET MALWARE Observed GandCrab Ransomware Domain (ransomware .bit in DNS Lookup)
  suricata: ET MALWARE Observed GandCrab Ransomware Domain (ransomware .bit in DNS Lookup)
  suricata
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gandcrabbackdoorpersistenceransomwaresuricata

behavioral2

gandcrabbackdoorransomware

© 2018-2024

Terms | Privacy