Resubmissions

02/06/2023, 07:19

230602-h5gxlsag5w 10

02/06/2023, 07:17

230602-h4j1ksag5t 10

General

  • Target

    GandCrab.bin.zip

  • Size

    82KB

  • Sample

    230602-h4j1ksag5t

  • MD5

    45536c5f72fb2c872248b42cf2b2c634

  • SHA1

    3aea1af9a60aff909ea0a22e0a07e88a84fca872

  • SHA256

    d3de74ddc546c2433c769215bc295df8fc4ee31918e003657dc157aefa274243

  • SHA512

    7eef9a957e0a7ba9986f10c0e7524684e26d783b273a089c5d921b4080d61481911da661249b561e3e6d840769d244a3ed1d19f7cbe9fe79d709ad4a8cfac76f

  • SSDEEP

    1536:msmBJ14NYDMITNNHswMlsDFCqWfPphI4RmRiw/HeSOln7sfWtjONtwHWkHj3:mVPzwaNH+lshCZgAwAloWVEtUlD

Malware Config

Targets

    • Target

      GandCrab.bin

    • Size

      124KB

    • MD5

      a635d6a35c2fc054042b6868ef52a0c3

    • SHA1

      a6d41275384207d250322ab8bc22ca7559ffa9c9

    • SHA256

      643f8043c0b0f89cedbfc3177ab7cfe99a8e2c7fe16691f3d54fb18bc14b8f45

    • SHA512

      ab943bdc53c95dbe2cd32958de712b5836101bf125abef86c27abc27bdce9346542867fc686feb2e23a4007888bb413871924f9a0a08d5706cf5034982db27ee

    • SSDEEP

      3072:io/ZKgm+JiNOeHtOkrEY+KT/Hfi2CXgJ:iow3NOePIY+QyBX

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks