Overview

overview

10

Static

static

3

a050d4dd7f...83.exe

windows7-x64

10

a050d4dd7f...83.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a050d4dd7f6187cb8dab61e0f01aa783.bin

  • Size

    308KB

  • Sample

    240223-cgmv3aac95

  • MD5

    a050d4dd7f6187cb8dab61e0f01aa783

  • SHA1

    82fc5c41a36b71c167b837144873ce33874b85ef

  • SHA256

    78ffd0b0f808c4cec3095a27b6daa133177639d64ec3afd784e10cf89b043d86

  • SHA512

    251ac169d2c636407dd1fd45ab8afb8fd9e5f7f7cbe90667349530a151a1004daf78baa8666cc0aeb8a78add1259be22292c21927d96e46986803d1585706bde

  • SSDEEP

    6144:FzL7ShWDLVzVNam6GxI29dqG3KdYAYqTuPZp:7DHNam62ZdKmZmuPH

Score
10/10
gandcrabbackdoorpersistenceransomware

Malware Config

Targets

    • Target

      a050d4dd7f6187cb8dab61e0f01aa783.bin

    • Size

      308KB

    • MD5

      a050d4dd7f6187cb8dab61e0f01aa783

    • SHA1

      82fc5c41a36b71c167b837144873ce33874b85ef

    • SHA256

      78ffd0b0f808c4cec3095a27b6daa133177639d64ec3afd784e10cf89b043d86

    • SHA512

      251ac169d2c636407dd1fd45ab8afb8fd9e5f7f7cbe90667349530a151a1004daf78baa8666cc0aeb8a78add1259be22292c21927d96e46986803d1585706bde

    • SSDEEP

      6144:FzL7ShWDLVzVNam6GxI29dqG3KdYAYqTuPZp:7DHNam62ZdKmZmuPH

    Score
    10/10
    gandcrabbackdoorpersistenceransomware

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

      ransomwarebackdoorgandcrab

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks