gandcrab | 41943e66355d19b291f5ea87a2284cab0a7f32cc05f42efb936216859e52756f | Triage

Submit
Reports

Overview

overview

Static

static

41943e6635...6f.exe

windows7_x64

41943e6635...6f.exe

windows10-2004_x64

Sharing

General

Target

41943e66355d19b291f5ea87a2284cab0a7f32cc05f42efb936216859e52756f
Size

321KB
Sample

220708-fzf21sbaap
MD5

81219362437edad064425e27bf2a1305
SHA1

116ae773fbdf2b4abebecd8331b790c9b17860fe
SHA256

41943e66355d19b291f5ea87a2284cab0a7f32cc05f42efb936216859e52756f
SHA512

90105e1d6f49e9ff20c2b6fdb185a17d18c018c96d260d81eaff6db6e5e3d19af55e34408fa088a8c5dced9c6b8abd9517292fe49583d065017b78b55ba63494

Score

10^/10

gandcrab backdoor persistence ransomware suricata

Static task

static1

Behavioral task

behavioral1

Sample

41943e66355d19b291f5ea87a2284cab0a7f32cc05f42efb936216859e52756f.exe

Resource

win7-20220414-en

gandcrab backdoor persistence ransomware suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

41943e66355d19b291f5ea87a2284cab0a7f32cc05f42efb936216859e52756f.exe

Resource

win10v2004-20220414-en

gandcrab backdoor ransomware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  41943e66355d19b291f5ea87a2284cab0a7f32cc05f42efb936216859e52756f
- Size
  
  321KB
- MD5
  
  81219362437edad064425e27bf2a1305
- SHA1
  
  116ae773fbdf2b4abebecd8331b790c9b17860fe
- SHA256
  
  41943e66355d19b291f5ea87a2284cab0a7f32cc05f42efb936216859e52756f
- SHA512
  
  90105e1d6f49e9ff20c2b6fdb185a17d18c018c96d260d81eaff6db6e5e3d19af55e34408fa088a8c5dced9c6b8abd9517292fe49583d065017b78b55ba63494
Score

10^/10

gandcrab backdoor persistence ransomware suricata
- GandCrab payload
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- suricata: ET MALWARE Observed GandCrab Ransomware Domain (carder .bit in DNS Lookup)
  suricata: ET MALWARE Observed GandCrab Ransomware Domain (carder .bit in DNS Lookup)
  suricata
- suricata: ET MALWARE Observed GandCrab Ransomware Domain (ransomware .bit in DNS Lookup)
  suricata: ET MALWARE Observed GandCrab Ransomware Domain (ransomware .bit in DNS Lookup)
  suricata
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gandcrabbackdoorpersistenceransomwaresuricata

behavioral2

gandcrabbackdoorransomware

© 2018-2024

Terms | Privacy