gandcrab | 41b5e623939fabff5a9022fa72f6ab93a3b35c38be67506afea7a236593a16c2 | Triage

Submit
Reports

Overview

overview

Static

static

41b5e62393...c2.exe

windows7_x64

41b5e62393...c2.exe

windows10-2004_x64

Sharing

General

Target

41b5e623939fabff5a9022fa72f6ab93a3b35c38be67506afea7a236593a16c2
Size

302KB
Sample

220708-fhd64accb2
MD5

6c22dc137d4ea08ea8a00450bfc681ca
SHA1

6015f33b32d6794ac9c60c30e088eff55e0c1669
SHA256

41b5e623939fabff5a9022fa72f6ab93a3b35c38be67506afea7a236593a16c2
SHA512

46fca531d546434c6547e4ba36526f031514d086f9e8be6b7512d5ccc880e6fb18c99b7713e7d8cbeae1f0b0c18c49aced0bbff3b666883c2a82f3a39ae5df43

Score

10^/10

gandcrab backdoor persistence ransomware suricata

Static task

static1

Behavioral task

behavioral1

Sample

41b5e623939fabff5a9022fa72f6ab93a3b35c38be67506afea7a236593a16c2.exe

Resource

win7-20220414-en

gandcrab backdoor persistence ransomware suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

41b5e623939fabff5a9022fa72f6ab93a3b35c38be67506afea7a236593a16c2.exe

Resource

win10v2004-20220414-en

gandcrab backdoor ransomware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  41b5e623939fabff5a9022fa72f6ab93a3b35c38be67506afea7a236593a16c2
- Size
  
  302KB
- MD5
  
  6c22dc137d4ea08ea8a00450bfc681ca
- SHA1
  
  6015f33b32d6794ac9c60c30e088eff55e0c1669
- SHA256
  
  41b5e623939fabff5a9022fa72f6ab93a3b35c38be67506afea7a236593a16c2
- SHA512
  
  46fca531d546434c6547e4ba36526f031514d086f9e8be6b7512d5ccc880e6fb18c99b7713e7d8cbeae1f0b0c18c49aced0bbff3b666883c2a82f3a39ae5df43
Score

10^/10

gandcrab backdoor persistence ransomware suricata
- GandCrab payload
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- suricata: ET MALWARE Observed GandCrab Ransomware Domain (carder .bit in DNS Lookup)
  suricata: ET MALWARE Observed GandCrab Ransomware Domain (carder .bit in DNS Lookup)
  suricata
- suricata: ET MALWARE Observed GandCrab Ransomware Domain (ransomware .bit in DNS Lookup)
  suricata: ET MALWARE Observed GandCrab Ransomware Domain (ransomware .bit in DNS Lookup)
  suricata
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gandcrabbackdoorpersistenceransomwaresuricata

behavioral2

gandcrabbackdoorransomware

© 2018-2024

Terms | Privacy