gandcrab | 1d4dd5974c12559d7810e3cd7571989ca9d1c6520ad85ba01f9a15d764a0028c | Triage

Submit
Reports

Overview

overview

Static

static

1d4dd5974c...8c.exe

windows7-x64

1d4dd5974c...8c.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

1d4dd5974c12559d7810e3cd7571989ca9d1c6520ad85ba01f9a15d764a0028c
Size

236KB
Sample

221018-q5kx9sgab8
MD5

ed110aaa8b2e30b2ed2b12c5c73b4ef6
SHA1

09b82c2cf3ead9b1a7e25c20cb07a62a4c3ef795
SHA256

1d4dd5974c12559d7810e3cd7571989ca9d1c6520ad85ba01f9a15d764a0028c
SHA512

e1e2e7b519176c90e36cb83d86dccbf7c8b74fc18533123c95832d7c547a74ae4d5500c9cef1d248d3a6334394992a3560b24759b3381625320cba44cf645337
SSDEEP

6144:1xVDieXuKeAOSUZYJ9JohMYRbkslNtEGpTSc:1xVD7Re148WYRbXlNtEGTSc

Score

10^/10

gandcrab backdoor persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

1d4dd5974c12559d7810e3cd7571989ca9d1c6520ad85ba01f9a15d764a0028c.exe

Resource

win7-20220812-en

gandcrab backdoor persistence ransomware

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

1d4dd5974c12559d7810e3cd7571989ca9d1c6520ad85ba01f9a15d764a0028c.exe

Resource

win10v2004-20220812-en

gandcrab backdoor ransomware

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  1d4dd5974c12559d7810e3cd7571989ca9d1c6520ad85ba01f9a15d764a0028c
- Size
  
  236KB
- MD5
  
  ed110aaa8b2e30b2ed2b12c5c73b4ef6
- SHA1
  
  09b82c2cf3ead9b1a7e25c20cb07a62a4c3ef795
- SHA256
  
  1d4dd5974c12559d7810e3cd7571989ca9d1c6520ad85ba01f9a15d764a0028c
- SHA512
  
  e1e2e7b519176c90e36cb83d86dccbf7c8b74fc18533123c95832d7c547a74ae4d5500c9cef1d248d3a6334394992a3560b24759b3381625320cba44cf645337
- SSDEEP
  
  6144:1xVDieXuKeAOSUZYJ9JohMYRbkslNtEGpTSc:1xVD7Re148WYRbXlNtEGTSc
Score

10^/10

gandcrab backdoor persistence ransomware
- GandCrab payload
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gandcrabbackdoorpersistenceransomware

behavioral2

gandcrabbackdoorransomware

© 2018-2025

Terms | Privacy