gandcrab

General

Target

o.bin
Size

183KB
Sample

231012-pq7caaab91
MD5

07fadb006486953439ce0092651fd7a6
SHA1

e42431d37561cc695de03b85e8e99c9e31321742
SHA256

d77378dcc42b912e514d3bd4466cdda050dda9b57799a6c97f70e8489dd8c8d0
SHA512

5b09a07371bb5350b22c78aa3e7e673ba61ce72a964e072749a4633e2c15f416c05953cc6e6f6c586df010aa7f2c9c0ab87a014e4f732e5fdb2d58778a1fb437
SSDEEP

3072:Ealy19emgKe0QuYS3UmWuDTEltI3S/7IarDrjCgrQp0M7W:EaqxxDwx/7IS40MS

Score

10^/10

Malware Config

Targets

- Target
  
  o.bin
- Size
  
  183KB
- MD5
  
  07fadb006486953439ce0092651fd7a6
- SHA1
  
  e42431d37561cc695de03b85e8e99c9e31321742
- SHA256
  
  d77378dcc42b912e514d3bd4466cdda050dda9b57799a6c97f70e8489dd8c8d0
- SHA512
  
  5b09a07371bb5350b22c78aa3e7e673ba61ce72a964e072749a4633e2c15f416c05953cc6e6f6c586df010aa7f2c9c0ab87a014e4f732e5fdb2d58778a1fb437
- SSDEEP
  
  3072:Ealy19emgKe0QuYS3UmWuDTEltI3S/7IarDrjCgrQp0M7W:EaqxxDwx/7IS40MS
Score

10^/10

gandcrab backdoor ransomware spyware stealer
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Renames multiple (250) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Renames multiple (287) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2