gandcrab | 390dba7c1ccbea39d9ea7d8862e2ea12aa5d833b9568077444d5dbfef7df9564 | Triage

Submit
Reports

Overview

overview

Static

static

3

GandCrab.exe

windows7-x64

Sharing

General

Target

GandCrab.bin.zip
Size

82KB
Sample

230916-lt45jsce37
MD5

88414e88eaee1ee13e057c307949cf73
SHA1

84a99b92d6d4b7e700f36509550d68b507445026
SHA256

390dba7c1ccbea39d9ea7d8862e2ea12aa5d833b9568077444d5dbfef7df9564
SHA512

d207d8af1fd988c16d589eceb329bd4d6443e7fd2f63e00600abd27e5c703fd48fee7d5d2f7dbb858f154926ecd7d47ba6d3741c82cbae999d4fe999158be917
SSDEEP

1536:Wk4BhB92ko4rhQESs+oCeh8cLRFxEvwaCVFJfnaoKKOq1xLcrSIJNtCSLS6t00:WkKr93Ghs+oCK8cLrXntZxLbIJjCSL7d

Score

10^/10

gandcrab backdoor persistence ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

GandCrab.exe

Resource

win7-20230831-en

gandcrab backdoor persistence ransomware

windows7-x64

13 signatures

600 seconds

Malware Config

Targets

- Target
  
  GandCrab.bin
- Size
  
  124KB
- MD5
  
  a635d6a35c2fc054042b6868ef52a0c3
- SHA1
  
  a6d41275384207d250322ab8bc22ca7559ffa9c9
- SHA256
  
  643f8043c0b0f89cedbfc3177ab7cfe99a8e2c7fe16691f3d54fb18bc14b8f45
- SHA512
  
  ab943bdc53c95dbe2cd32958de712b5836101bf125abef86c27abc27bdce9346542867fc686feb2e23a4007888bb413871924f9a0a08d5706cf5034982db27ee
- SSDEEP
  
  3072:io/ZKgm+JiNOeHtOkrEY+KT/Hfi2CXgJ:iow3NOePIY+QyBX
Score

10^/10

gandcrab backdoor persistence ransomware
- GandCrab payload
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gandcrabbackdoorpersistenceransomware

© 2018-2023

Terms | Privacy