gandcrab | 0ef5ae0089297f5582cc1762f7aac9f3b15241cfaeb6dddeed2cdf6b01e95297 | Triage

Submit
Reports

Overview

overview

Static

static

3

2024-03-28...er.exe

windows7-x64

2024-03-28...er.exe

windows10-2004-x64

Sharing

General

Target

2024-03-28_a37e1af8e55986b2435397e52c8b9a34_magniber
Size

277KB
Sample

240328-sytmyahf9y
MD5

a37e1af8e55986b2435397e52c8b9a34
SHA1

152519801fc79c79847f2f3867271f124d20d558
SHA256

0ef5ae0089297f5582cc1762f7aac9f3b15241cfaeb6dddeed2cdf6b01e95297
SHA512

3d31e1ff6bdd700c2e29999622bc19e3dd29ff4e0c178cc8900ec988908da464da83a8ed3bc5cc6fb7bcf62bd0c67b07b2250f4cf13033ddcaf3bab3fd4a9874
SSDEEP

6144:u3nHPDm0jLAu6Y5jEw564aoJxmhuw1AFkHK/:+vbjf6YNFehQwo

Score

10^/10

gandcrab backdoor persistence ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2024-03-28_a37e1af8e55986b2435397e52c8b9a34_magniber.exe

Resource

win7-20240221-en

gandcrab backdoor persistence ransomware

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-03-28_a37e1af8e55986b2435397e52c8b9a34_magniber.exe

Resource

win10v2004-20240226-en

gandcrab backdoor ransomware

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-03-28_a37e1af8e55986b2435397e52c8b9a34_magniber
- Size
  
  277KB
- MD5
  
  a37e1af8e55986b2435397e52c8b9a34
- SHA1
  
  152519801fc79c79847f2f3867271f124d20d558
- SHA256
  
  0ef5ae0089297f5582cc1762f7aac9f3b15241cfaeb6dddeed2cdf6b01e95297
- SHA512
  
  3d31e1ff6bdd700c2e29999622bc19e3dd29ff4e0c178cc8900ec988908da464da83a8ed3bc5cc6fb7bcf62bd0c67b07b2250f4cf13033ddcaf3bab3fd4a9874
- SSDEEP
  
  6144:u3nHPDm0jLAu6Y5jEw564aoJxmhuw1AFkHK/:+vbjf6YNFehQwo
Score

10^/10

gandcrab backdoor persistence ransomware
- GandCrab payload
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- Detects Reflective DLL injection artifacts
- Detects ransomware indicator
- Gandcrab Payload
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gandcrabbackdoorpersistenceransomware

behavioral2

gandcrabbackdoorransomware

© 2018-2024

Terms | Privacy