gandcrab | ac98da4223cdd94edf05742281bd209f9b69dbc9ae546873f578d3e2b92f5d33 | Triage

Submit
Reports

Overview

overview

Static

static

3

2024-01-18...er.exe

windows7-x64

2024-01-18...er.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-18_04f33a0657417b39b039b3a636d2340e_magniber
Size

277KB
Sample

240118-2a3elsbec2
MD5

04f33a0657417b39b039b3a636d2340e
SHA1

c2c6afc7756ee8a8b6198b990d1956b7908886f4
SHA256

ac98da4223cdd94edf05742281bd209f9b69dbc9ae546873f578d3e2b92f5d33
SHA512

78dbda3511a84ba360b5c0e8f8cef5829ad8a3dbc7a837d97480ca723dbbbac93341f96a95d7be1272234613212706f993f9abaaed4b7b185b5462baeb5205de
SSDEEP

6144:e3nHPDm0jLAu6Y5jEw564aoJxmhuw1AFkHK/:Ovbjf6YNFehQwo

Score

10^/10

gandcrab backdoor persistence ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2024-01-18_04f33a0657417b39b039b3a636d2340e_magniber.exe

Resource

win7-20231215-en

gandcrab backdoor persistence ransomware

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-01-18_04f33a0657417b39b039b3a636d2340e_magniber.exe

Resource

win10v2004-20231222-en

gandcrab backdoor ransomware

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-01-18_04f33a0657417b39b039b3a636d2340e_magniber
- Size
  
  277KB
- MD5
  
  04f33a0657417b39b039b3a636d2340e
- SHA1
  
  c2c6afc7756ee8a8b6198b990d1956b7908886f4
- SHA256
  
  ac98da4223cdd94edf05742281bd209f9b69dbc9ae546873f578d3e2b92f5d33
- SHA512
  
  78dbda3511a84ba360b5c0e8f8cef5829ad8a3dbc7a837d97480ca723dbbbac93341f96a95d7be1272234613212706f993f9abaaed4b7b185b5462baeb5205de
- SSDEEP
  
  6144:e3nHPDm0jLAu6Y5jEw564aoJxmhuw1AFkHK/:Ovbjf6YNFehQwo
Score

10^/10

gandcrab backdoor persistence ransomware
- GandCrab payload
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- Detects Reflective DLL injection artifacts
- Detects ransomware indicator
- Gandcrab Payload
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gandcrabbackdoorpersistenceransomware

behavioral2

gandcrabbackdoorransomware

© 2018-2025

Terms | Privacy