Overview

overview

10

Static

static

10

2637ed9627...JC.exe

windows7-x64

10

2637ed9627...JC.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    2637ed9627f7591641980c1988ef42ac_gandcrab_JC.exe

  • Size

    147KB

  • Sample

    230818-qp34xabd5s

  • MD5

    2637ed9627f7591641980c1988ef42ac

  • SHA1

    8eb83bba82d70e63096a9f8d8555756be971f271

  • SHA256

    6a00f6d2e222aab6794b9e1bf1efffca0b5597afaf40b51c1ea2cb86328df2cd

  • SHA512

    9a0ec54a6aaef55a242cc59669c038b16c4b68beddb0b742f52d997b306cc8f05316afb5ba9867721cb4d012d25bd935f704a543ac74109a35927602d31a5fd0

  • SSDEEP

    3072:vBounVyFHFMqqDL2/LgHkc2U6FiPZ8aewZ2ql5f2J9lj:vqxHmqqDL6EHl2U6CbeOl5f2Fj

Score
10/10
gandcrabbackdoorpersistenceransomwareupx

Malware Config

Targets

    • Target

      2637ed9627f7591641980c1988ef42ac_gandcrab_JC.exe

    • Size

      147KB

    • MD5

      2637ed9627f7591641980c1988ef42ac

    • SHA1

      8eb83bba82d70e63096a9f8d8555756be971f271

    • SHA256

      6a00f6d2e222aab6794b9e1bf1efffca0b5597afaf40b51c1ea2cb86328df2cd

    • SHA512

      9a0ec54a6aaef55a242cc59669c038b16c4b68beddb0b742f52d997b306cc8f05316afb5ba9867721cb4d012d25bd935f704a543ac74109a35927602d31a5fd0

    • SSDEEP

      3072:vBounVyFHFMqqDL2/LgHkc2U6FiPZ8aewZ2ql5f2J9lj:vqxHmqqDL6EHl2U6CbeOl5f2Fj

    Score
    10/10
    gandcrabbackdoorpersistenceransomwareupx

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

      ransomwarebackdoorgandcrab

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks