gandcrab | eb6c6cf41a79bbc8e2f1445241070d21e8ffbd5918735619d17a864dfb41eaae | Triage

Submit
Reports

Overview

overview

Static

static

2023-08-25...JC.exe

windows7-x64

2023-08-25...JC.exe

windows10-2004-x64

Sharing

General

Target

2023-08-25_e7b2af0853976d505c7cf66474c3a7e2_gandcrab_JC.exe
Size

147KB
Sample

230915-wlgpdsha53
MD5

e7b2af0853976d505c7cf66474c3a7e2
SHA1

989d723f734d2eb19ac44864783a62da07f99e37
SHA256

eb6c6cf41a79bbc8e2f1445241070d21e8ffbd5918735619d17a864dfb41eaae
SHA512

5ca28118786e5e9849fac16825b959b1b86bf401b51a632ae19cfedf2c4249763160ad9ebb1d54c2ca12c92b003a9b22cbf883628251f0c5ca5660fe61785bfd
SSDEEP

3072:/BounVyFHFMqqDL2/LgHkc2U6FiPZ8aewZ2ql5f2J9lj:/qxHmqqDL6EHl2U6CbeOl5f2Fj

Score

10^/10

gandcrab backdoor persistence ransomware upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

2023-08-25_e7b2af0853976d505c7cf66474c3a7e2_gandcrab_JC.exe

Resource

win7-20230831-en

gandcrab backdoor persistence ransomware upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

2023-08-25_e7b2af0853976d505c7cf66474c3a7e2_gandcrab_JC.exe

Resource

win10v2004-20230915-en

gandcrab backdoor persistence ransomware upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  2023-08-25_e7b2af0853976d505c7cf66474c3a7e2_gandcrab_JC.exe
- Size
  
  147KB
- MD5
  
  e7b2af0853976d505c7cf66474c3a7e2
- SHA1
  
  989d723f734d2eb19ac44864783a62da07f99e37
- SHA256
  
  eb6c6cf41a79bbc8e2f1445241070d21e8ffbd5918735619d17a864dfb41eaae
- SHA512
  
  5ca28118786e5e9849fac16825b959b1b86bf401b51a632ae19cfedf2c4249763160ad9ebb1d54c2ca12c92b003a9b22cbf883628251f0c5ca5660fe61785bfd
- SSDEEP
  
  3072:/BounVyFHFMqqDL2/LgHkc2U6FiPZ8aewZ2ql5f2J9lj:/qxHmqqDL6EHl2U6CbeOl5f2Fj
Score

10^/10

gandcrab backdoor persistence ransomware upx
- GandCrab payload
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gandcrabbackdoorpersistenceransomwareupx

behavioral2

gandcrabbackdoorpersistenceransomwareupx

© 2018-2023

Terms | Privacy