gandcrab | 54dd610ee895a9c02d7b146f2bd2d22cd7c85465f293b01ba42ea0ed8c626a76 | Triage

Submit
Reports

Overview

overview

Static

static

3

b286f9c0e8...e4.exe

windows7-x64

b286f9c0e8...e4.exe

windows10-2004-x64

Sharing

General

Target

b286f9c0e8803d1efd56a6abe1152fe4.bin
Size

308KB
Sample

240223-clme4aad48
MD5

b286f9c0e8803d1efd56a6abe1152fe4
SHA1

d224a887f7529f4e69479136c6dab72d09ea0443
SHA256

54dd610ee895a9c02d7b146f2bd2d22cd7c85465f293b01ba42ea0ed8c626a76
SHA512

cde09cb528e27d7303ada7f4d3ba6c5681ca1e45b428b2ee2c74f29b3898402b211f96d4e43cdb732831fac21102a9db07cbd981566da361f0b376f14857b229
SSDEEP

6144:dzL7ShWDLVzVNam6GxI29dqG3KdYAYqTuPZp:TDHNam62ZdKmZmuPH

Score

10^/10

gandcrab backdoor persistence ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b286f9c0e8803d1efd56a6abe1152fe4.exe

Resource

win7-20240221-en

gandcrab backdoor persistence ransomware

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

b286f9c0e8803d1efd56a6abe1152fe4.exe

Resource

win10v2004-20240221-en

gandcrab backdoor ransomware

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  b286f9c0e8803d1efd56a6abe1152fe4.bin
- Size
  
  308KB
- MD5
  
  b286f9c0e8803d1efd56a6abe1152fe4
- SHA1
  
  d224a887f7529f4e69479136c6dab72d09ea0443
- SHA256
  
  54dd610ee895a9c02d7b146f2bd2d22cd7c85465f293b01ba42ea0ed8c626a76
- SHA512
  
  cde09cb528e27d7303ada7f4d3ba6c5681ca1e45b428b2ee2c74f29b3898402b211f96d4e43cdb732831fac21102a9db07cbd981566da361f0b376f14857b229
- SSDEEP
  
  6144:dzL7ShWDLVzVNam6GxI29dqG3KdYAYqTuPZp:TDHNam62ZdKmZmuPH
Score

10^/10

gandcrab backdoor persistence ransomware
- GandCrab payload
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gandcrabbackdoorpersistenceransomware

behavioral2

gandcrabbackdoorransomware

© 2018-2025

Terms | Privacy