gandcrab | 452bf32e856f46d6cdaff897f50f7ea6f7cf8a18c9276253e4b7caaef27b08e8 | Triage

Submit
Reports

Overview

overview

Static

static

452bf32e85...e8.exe

windows7_x64

452bf32e85...e8.exe

windows10-2004_x64

Sharing

General

Target

452bf32e856f46d6cdaff897f50f7ea6f7cf8a18c9276253e4b7caaef27b08e8
Size

300KB
Sample

220707-t8er7sbecj
MD5

5fc32497c54f9b4f43f5e89b50a1c93b
SHA1

dfd860ffd9a99bd03abedcb11de2ca9923fbc860
SHA256

452bf32e856f46d6cdaff897f50f7ea6f7cf8a18c9276253e4b7caaef27b08e8
SHA512

d9a55df6abca75eb19cdfe807c378b3e2033e6b4fc3c59d446cb0dab74e80f0888067e9d519f75aee92fcfa9694c8e7074e48f06f6a85a8a87e6e3c2196f298b

Score

10^/10

gandcrab backdoor persistence ransomware suricata

Static task

static1

Behavioral task

behavioral1

Sample

452bf32e856f46d6cdaff897f50f7ea6f7cf8a18c9276253e4b7caaef27b08e8.exe

Resource

win7-20220414-en

gandcrab backdoor persistence ransomware suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

452bf32e856f46d6cdaff897f50f7ea6f7cf8a18c9276253e4b7caaef27b08e8.exe

Resource

win10v2004-20220414-en

gandcrab backdoor ransomware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  452bf32e856f46d6cdaff897f50f7ea6f7cf8a18c9276253e4b7caaef27b08e8
- Size
  
  300KB
- MD5
  
  5fc32497c54f9b4f43f5e89b50a1c93b
- SHA1
  
  dfd860ffd9a99bd03abedcb11de2ca9923fbc860
- SHA256
  
  452bf32e856f46d6cdaff897f50f7ea6f7cf8a18c9276253e4b7caaef27b08e8
- SHA512
  
  d9a55df6abca75eb19cdfe807c378b3e2033e6b4fc3c59d446cb0dab74e80f0888067e9d519f75aee92fcfa9694c8e7074e48f06f6a85a8a87e6e3c2196f298b
Score

10^/10

gandcrab backdoor persistence ransomware suricata
- GandCrab payload
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- suricata: ET MALWARE Observed GandCrab Ransomware Domain (carder .bit in DNS Lookup)
  suricata: ET MALWARE Observed GandCrab Ransomware Domain (carder .bit in DNS Lookup)
  suricata
- suricata: ET MALWARE Observed GandCrab Ransomware Domain (ransomware .bit in DNS Lookup)
  suricata: ET MALWARE Observed GandCrab Ransomware Domain (ransomware .bit in DNS Lookup)
  suricata
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gandcrabbackdoorpersistenceransomwaresuricata

behavioral2

gandcrabbackdoorransomware

© 2018-2024

Terms | Privacy