gandcrab | e7b4da8c8b66dafad26c2be42038dd606a7da94003d992d55cc321bfdc76c274 | Triage

Submit
Reports

Overview

overview

Static

static

223fe74d8d...JC.exe

windows7-x64

223fe74d8d...JC.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

223fe74d8d856bexeexe_JC.exe
Size

145KB
Sample

230714-r49qnsfd5x
MD5

223fe74d8d856be82037f22a514c0b05
SHA1

79c7d584aca23bb34c5e08a5a1e9c361be234da8
SHA256

e7b4da8c8b66dafad26c2be42038dd606a7da94003d992d55cc321bfdc76c274
SHA512

20ac11abc5f03f488ae30f0238a3d6e56a1af663819363c6ceb4619f5613c64e7ba6248feb8ad10425a1c36f91b2c978330a78bd48e6cf20e4ea2aa44d4d7bc8
SSDEEP

3072:pYHVHd2NCMqqDL2/mr3IdE8we0Avu5r++ygLIaagvdCjRv9OtN:pyOqqDL64vdGREz

Score

10^/10

gandcrab backdoor persistence ransomware

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

223fe74d8d856bexeexe_JC.exe

Resource

win7-20230712-en

gandcrab backdoor persistence ransomware

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

223fe74d8d856bexeexe_JC.exe

Resource

win10v2004-20230703-en

gandcrab backdoor persistence ransomware

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  223fe74d8d856bexeexe_JC.exe
- Size
  
  145KB
- MD5
  
  223fe74d8d856be82037f22a514c0b05
- SHA1
  
  79c7d584aca23bb34c5e08a5a1e9c361be234da8
- SHA256
  
  e7b4da8c8b66dafad26c2be42038dd606a7da94003d992d55cc321bfdc76c274
- SHA512
  
  20ac11abc5f03f488ae30f0238a3d6e56a1af663819363c6ceb4619f5613c64e7ba6248feb8ad10425a1c36f91b2c978330a78bd48e6cf20e4ea2aa44d4d7bc8
- SSDEEP
  
  3072:pYHVHd2NCMqqDL2/mr3IdE8we0Avu5r++ygLIaagvdCjRv9OtN:pyOqqDL64vdGREz
Score

10^/10

gandcrab backdoor persistence ransomware
- GandCrab payload
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gandcrabbackdoorpersistenceransomware

behavioral2

gandcrabbackdoorpersistenceransomware

© 2018-2025

Terms | Privacy