gandcrab | de2fb10156d4852276992216e053a0c57fccf1e79051010ebf8299a4e9e253fb | Triage

Submit
Reports

Overview

overview

Static

static

sample.exe

windows7_x64

sample.exe

windows10-2004_x64

Sharing

General

Target

de2fb10156d4852276992216e053a0c57fccf1e79051010ebf8299a4e9e253fb
Size

79KB
Sample

220703-v3xw9sacgk
MD5

fc43d639ba6ccea886c31aeb8fcac9a0
SHA1

f4b8f4baa67561fe82541c0f0ea46937bed40e4a
SHA256

de2fb10156d4852276992216e053a0c57fccf1e79051010ebf8299a4e9e253fb
SHA512

8d56948802c97e6b1aa261a67aa9d822a89d899733de647427983e501a739de1cb27c7773968e23d840cd59a7fff5e539452167a3ad94cbed074a0be25457eaf

Score

10^/10

gandcrab backdoor ransomware spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

sample.exe

Resource

win7-20220414-en

gandcrab backdoor ransomware spyware stealer suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

sample.exe

Resource

win10v2004-20220414-en

gandcrab backdoor ransomware spyware stealer suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  sample
- Size
  
  183KB
- MD5
  
  07fadb006486953439ce0092651fd7a6
- SHA1
  
  e42431d37561cc695de03b85e8e99c9e31321742
- SHA256
  
  d77378dcc42b912e514d3bd4466cdda050dda9b57799a6c97f70e8489dd8c8d0
- SHA512
  
  5b09a07371bb5350b22c78aa3e7e673ba61ce72a964e072749a4633e2c15f416c05953cc6e6f6c586df010aa7f2c9c0ab87a014e4f732e5fdb2d58778a1fb437
Score

10^/10

gandcrab backdoor ransomware spyware stealer suricata
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- suricata: ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
  suricata: ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
  suricata
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Defacement

Inhibit System Recovery

Tasks

static1

behavioral1

gandcrabbackdoorransomwarespywarestealersuricata

behavioral2

gandcrabbackdoorransomwarespywarestealersuricata

© 2018-2025

Terms | Privacy