Overview

overview

10

Static

static

3

3802078969...12.exe

windows7-x64

10

3802078969...12.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3802078969745db373c08aad4c6dfc12.bin

  • Size

    300KB

  • Sample

    240329-b1ajeaef49

  • MD5

    3802078969745db373c08aad4c6dfc12

  • SHA1

    8767190ced02b19d4d515f3b53ae5537e2296e97

  • SHA256

    481ad8f30ca4464b61a7886eb41db0e0e59f5d6fb65389b1e9b18f82f985ed5f

  • SHA512

    53ebeadc8d3f418dbdbdf54a180c0307fab650b2e5bf8de341a80fd8ac11344f577666e09f80a245c655d591dfc46d946b21baf7b45f1ab1928fb1d2489e38b3

  • SSDEEP

    6144:ovEANMO1UnseVgkV0xwvfxnhLTiusLe1740B:nuM0Unsna5mut40B

Score
10/10
gandcrabbackdoorpersistenceransomware

Malware Config

Targets

    • Target

      3802078969745db373c08aad4c6dfc12.bin

    • Size

      300KB

    • MD5

      3802078969745db373c08aad4c6dfc12

    • SHA1

      8767190ced02b19d4d515f3b53ae5537e2296e97

    • SHA256

      481ad8f30ca4464b61a7886eb41db0e0e59f5d6fb65389b1e9b18f82f985ed5f

    • SHA512

      53ebeadc8d3f418dbdbdf54a180c0307fab650b2e5bf8de341a80fd8ac11344f577666e09f80a245c655d591dfc46d946b21baf7b45f1ab1928fb1d2489e38b3

    • SSDEEP

      6144:ovEANMO1UnseVgkV0xwvfxnhLTiusLe1740B:nuM0Unsna5mut40B

    Score
    10/10
    gandcrabbackdoorpersistenceransomware

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

      ransomwarebackdoorgandcrab

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks