gandcrab | 8ba99ea70d32ca0fc244aca7aaed62a20c06fa8c61bf8f87cc41b42076f4924c | Triage

Submit
Reports

Overview

overview

Static

static

2024-02-12...ab.exe

windows7-x64

2024-02-12...ab.exe

windows10-2004-x64

Sharing

General

Target

2024-02-12_92e9796dd5670d07801eeebc14d1f4ee_gandcrab
Size

145KB
Sample

240212-r1411sgc4y
MD5

92e9796dd5670d07801eeebc14d1f4ee
SHA1

8a2f2f3055c027e90240396bf62a49aa76b19712
SHA256

8ba99ea70d32ca0fc244aca7aaed62a20c06fa8c61bf8f87cc41b42076f4924c
SHA512

f150768dc981013ec6956ca6efdd5a7a34ab3dc2360561805fd1aa1e6b4aef22615dac6bccf8daaf86832bf7b4288a72d14b41353a3830c4fa7cc37d2322ab73
SSDEEP

3072:vYHVHd2NCMqqDL2/mr3IdE8we0Avu5r++ygLIaagvdCjRv9OtN:vyOqqDL64vdGREz

Score

10^/10

gandcrab backdoor persistence ransomware

Static task

static1

5 signatures

Behavioral task

behavioral1

Sample

2024-02-12_92e9796dd5670d07801eeebc14d1f4ee_gandcrab.exe

Resource

win7-20231215-en

gandcrab backdoor persistence ransomware

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-02-12_92e9796dd5670d07801eeebc14d1f4ee_gandcrab.exe

Resource

win10v2004-20231215-en

gandcrab backdoor persistence ransomware

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-02-12_92e9796dd5670d07801eeebc14d1f4ee_gandcrab
- Size
  
  145KB
- MD5
  
  92e9796dd5670d07801eeebc14d1f4ee
- SHA1
  
  8a2f2f3055c027e90240396bf62a49aa76b19712
- SHA256
  
  8ba99ea70d32ca0fc244aca7aaed62a20c06fa8c61bf8f87cc41b42076f4924c
- SHA512
  
  f150768dc981013ec6956ca6efdd5a7a34ab3dc2360561805fd1aa1e6b4aef22615dac6bccf8daaf86832bf7b4288a72d14b41353a3830c4fa7cc37d2322ab73
- SSDEEP
  
  3072:vYHVHd2NCMqqDL2/mr3IdE8we0Avu5r++ygLIaagvdCjRv9OtN:vyOqqDL64vdGREz
Score

10^/10

gandcrab backdoor persistence ransomware
- GandCrab payload
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- Detects ransomware indicator
- Gandcrab Payload
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gandcrabbackdoorpersistenceransomware

behavioral2

gandcrabbackdoorpersistenceransomware

© 2018-2025

Terms | Privacy