gandcrab | 33c48b60c11691111dd0891d24a519178a0f6ff0f7fd062994be30edf09fd7ae | Triage

Submit
Reports

Overview

overview

Static

static

3

2024-01-11...ia.exe

windows7-x64

2024-01-11...ia.exe

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-11_b4d630fb2ea3a7155701588fe1f22cbe_mafia
Size

319KB
Sample

240112-gs1zaahggm
MD5

b4d630fb2ea3a7155701588fe1f22cbe
SHA1

761598dac0e6b67c9336ce0c6688bb43face4320
SHA256

33c48b60c11691111dd0891d24a519178a0f6ff0f7fd062994be30edf09fd7ae
SHA512

df54504919f03392ea9b59a9a4b61336a52e844cf3d91cdb9cab5511c0467f15ab4d016ab440069fba56a1393c02530e8b103b404731600644a97fdc4144101a
SSDEEP

3072:NLFqoITs8+GgzXKhp6vFcBNTjbL617AL6MfUL1OeV7LGyH0Bme3BdcpFbMT9O:NLFAYz7z6hp2W1L61ALCOk7LhdeROuO

Score

10^/10

gandcrab backdoor persistence ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2024-01-11_b4d630fb2ea3a7155701588fe1f22cbe_mafia.exe

Resource

win7-20231215-en

gandcrab backdoor persistence ransomware

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-01-11_b4d630fb2ea3a7155701588fe1f22cbe_mafia.exe

Resource

win10v2004-20231222-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-01-11_b4d630fb2ea3a7155701588fe1f22cbe_mafia
- Size
  
  319KB
- MD5
  
  b4d630fb2ea3a7155701588fe1f22cbe
- SHA1
  
  761598dac0e6b67c9336ce0c6688bb43face4320
- SHA256
  
  33c48b60c11691111dd0891d24a519178a0f6ff0f7fd062994be30edf09fd7ae
- SHA512
  
  df54504919f03392ea9b59a9a4b61336a52e844cf3d91cdb9cab5511c0467f15ab4d016ab440069fba56a1393c02530e8b103b404731600644a97fdc4144101a
- SSDEEP
  
  3072:NLFqoITs8+GgzXKhp6vFcBNTjbL617AL6MfUL1OeV7LGyH0Bme3BdcpFbMT9O:NLFAYz7z6hp2W1L61ALCOk7LhdeROuO
Score

10^/10

gandcrab backdoor persistence ransomware
- GandCrab payload
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gandcrabbackdoorpersistenceransomware

behavioral2

© 2018-2025

Terms | Privacy