gandcrab | 63c1e6f85032a804532589bad9698c5bad00427a27275fc9d195e24c91cdbbb7 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

2024-01-25...ab.exe

windows7-x64

2024-01-25...ab.exe

windows10-2004-x64

Sharing

General

Target

2024-01-25_ff5f0b2d333102a909f6ebba4feadd09_gandcrab
Size

145KB
Sample

240125-v92tsschaj
MD5

ff5f0b2d333102a909f6ebba4feadd09
SHA1

0c294cc3f6e9bdb83f27048beb1197359f0921b1
SHA256

63c1e6f85032a804532589bad9698c5bad00427a27275fc9d195e24c91cdbbb7
SHA512

c2d79572c2fe3d7db000efad8e40414b9961d5bfe2af26e612d37825788f73e2d4f3e9d597c3ba6448f0872a9310eb450496508d394341c13c18dcba59d89b38
SSDEEP

3072:cYHVHd2NCMqqDL2/mr3IdE8we0Avu5r++ygLIaagvdCjRv9OtN:cyOqqDL64vdGREz

Score

10^/10

gandcrab kinsing backdoor loader persistence ransomware

Static task

static1

5 signatures

Behavioral task

behavioral1

Sample

2024-01-25_ff5f0b2d333102a909f6ebba4feadd09_gandcrab.exe

Resource

win7-20231215-en

gandcrab backdoor persistence ransomware

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-01-25_ff5f0b2d333102a909f6ebba4feadd09_gandcrab.exe

Resource

win10v2004-20231222-en

gandcrab kinsing backdoor loader persistence ransomware

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-01-25_ff5f0b2d333102a909f6ebba4feadd09_gandcrab
- Size
  
  145KB
- MD5
  
  ff5f0b2d333102a909f6ebba4feadd09
- SHA1
  
  0c294cc3f6e9bdb83f27048beb1197359f0921b1
- SHA256
  
  63c1e6f85032a804532589bad9698c5bad00427a27275fc9d195e24c91cdbbb7
- SHA512
  
  c2d79572c2fe3d7db000efad8e40414b9961d5bfe2af26e612d37825788f73e2d4f3e9d597c3ba6448f0872a9310eb450496508d394341c13c18dcba59d89b38
- SSDEEP
  
  3072:cYHVHd2NCMqqDL2/mr3IdE8we0Avu5r++ygLIaagvdCjRv9OtN:cyOqqDL64vdGREz
Score

10^/10

gandcrab backdoor persistence ransomware kinsing loader
- GandCrab payload
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Detects ransomware indicator
- Gandcrab Payload
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gandcrabbackdoorpersistenceransomware

behavioral2

gandcrabkinsingbackdoorloaderpersistenceransomware

© 2018-2025

Terms | Privacy