gandcrab | 3570b95ea454efd6735bf4942d69521d608ab7d0c9745cfa636f1107acc6a23c | Triage

Submit
Reports

Overview

overview

Static

static

3570b95ea4...3c.exe

windows7_x64

3570b95ea4...3c.exe

windows10-2004_x64

Sharing

General

Target

3570b95ea454efd6735bf4942d69521d608ab7d0c9745cfa636f1107acc6a23c
Size

254KB
Sample

220627-agtbqshgf6
MD5

200914872736a72a37d2433460f4dfb7
SHA1

c9d8bb9fd2472f1af12bfb3a9594e4ad767e8361
SHA256

3570b95ea454efd6735bf4942d69521d608ab7d0c9745cfa636f1107acc6a23c
SHA512

95b2ef953e80f81a535de70e359cf14055621f0cc6f3e54247258cd7781f6db7ad38a2457f5523ce25d252a53ad52cab7230fe7da662d582fc1fe67acac38f3a

Score

10^/10

gandcrab backdoor persistence ransomware suricata

Static task

static1

Behavioral task

behavioral1

Sample

3570b95ea454efd6735bf4942d69521d608ab7d0c9745cfa636f1107acc6a23c.exe

Resource

win7-20220414-en

gandcrab backdoor persistence ransomware suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

3570b95ea454efd6735bf4942d69521d608ab7d0c9745cfa636f1107acc6a23c.exe

Resource

win10v2004-20220414-en

gandcrab backdoor ransomware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  3570b95ea454efd6735bf4942d69521d608ab7d0c9745cfa636f1107acc6a23c
- Size
  
  254KB
- MD5
  
  200914872736a72a37d2433460f4dfb7
- SHA1
  
  c9d8bb9fd2472f1af12bfb3a9594e4ad767e8361
- SHA256
  
  3570b95ea454efd6735bf4942d69521d608ab7d0c9745cfa636f1107acc6a23c
- SHA512
  
  95b2ef953e80f81a535de70e359cf14055621f0cc6f3e54247258cd7781f6db7ad38a2457f5523ce25d252a53ad52cab7230fe7da662d582fc1fe67acac38f3a
Score

10^/10

gandcrab backdoor persistence ransomware suricata
- GandCrab Payload
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- suricata: ET MALWARE Observed GandCrab Domain (gandcrab .bit)
  suricata: ET MALWARE Observed GandCrab Domain (gandcrab .bit)
  suricata
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gandcrabbackdoorpersistenceransomwaresuricata

behavioral2

gandcrabbackdoorransomware

© 2018-2024

Terms | Privacy