gandcrab | b544024ccaf2732cd3aa915b8d8db30ae568758ceabe02bb143bbe506a26fe0c | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

ff5a1c761c...86.exe

windows7-x64

ff5a1c761c...86.exe

windows10-2004-x64

Sharing

General

Target

ff5a1c761c9fef48c031472614a51886
Size

244KB
Sample

220908-ycy87afeh7
MD5

ff5a1c761c9fef48c031472614a51886
SHA1

2d92b56d2c3b5af6b0cadc2092ddcec064a68efc
SHA256

b544024ccaf2732cd3aa915b8d8db30ae568758ceabe02bb143bbe506a26fe0c
SHA512

5e968e3201586ffb8df317611134a7999750f398c54ed23d5cc2dff109b3eaad97aa88628f936cd83637cf71548adc9f96b3bd382c21cde6ee2607683535a6a7
SSDEEP

3072:Ji6ItbhTm5EJBBEDCNVuNwXiNtoU39qzNAjv2bZxglSv1OrSjfXw2ODF:Ji6ItdLjcCLSNmWt2bZQSdOrSjfXw2qF

Score

10^/10

gandcrab backdoor persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

ff5a1c761c9fef48c031472614a51886.exe

Resource

win7-20220812-en

gandcrab backdoor persistence ransomware

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

ff5a1c761c9fef48c031472614a51886.exe

Resource

win10v2004-20220901-en

gandcrab backdoor ransomware

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  ff5a1c761c9fef48c031472614a51886
- Size
  
  244KB
- MD5
  
  ff5a1c761c9fef48c031472614a51886
- SHA1
  
  2d92b56d2c3b5af6b0cadc2092ddcec064a68efc
- SHA256
  
  b544024ccaf2732cd3aa915b8d8db30ae568758ceabe02bb143bbe506a26fe0c
- SHA512
  
  5e968e3201586ffb8df317611134a7999750f398c54ed23d5cc2dff109b3eaad97aa88628f936cd83637cf71548adc9f96b3bd382c21cde6ee2607683535a6a7
- SSDEEP
  
  3072:Ji6ItbhTm5EJBBEDCNVuNwXiNtoU39qzNAjv2bZxglSv1OrSjfXw2ODF:Ji6ItdLjcCLSNmWt2bZQSdOrSjfXw2qF
Score

10^/10

gandcrab backdoor persistence ransomware
- GandCrab payload
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gandcrabbackdoorpersistenceransomware

behavioral2

gandcrabbackdoorransomware

© 2018-2025

Terms | Privacy