gandcrab | 2b94a1ef590b4d82ae9cff8d771a738dfe672e8efa24b696ef686da1ea78501e | Triage

Submit
Reports

Overview

overview

Static

static

3

371de1cf9d...18.exe

windows7-x64

371de1cf9d...18.exe

windows10-2004-x64

Sharing

General

Target

371de1cf9d7da962f423a3ff1ad9bc52_JaffaCakes118
Size

244KB
Sample

240330-jkrrrabb9y
MD5

371de1cf9d7da962f423a3ff1ad9bc52
SHA1

c913750e9fb78cd6687555e9f64d60c5ebf16aaa
SHA256

2b94a1ef590b4d82ae9cff8d771a738dfe672e8efa24b696ef686da1ea78501e
SHA512

98d3b6a1844f14307f1f2b52b82b6cb432035bee74ebdf04b77161dfe191439f010d324c62e09d7bbbe48c89a0fbbce0c00b61f2a1185dec7ffbfd82ef16758f
SSDEEP

3072:JyQC2mC/zuw10GGQ++vroMTPjg/2Y2KfdkYq4vjC3IxbOaeOuMkBAOE6lLxSPNlm:uKuwvJUdkqjtbwqkmOVlLxSG

Score

10^/10

gandcrab backdoor persistence ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

371de1cf9d7da962f423a3ff1ad9bc52_JaffaCakes118.exe

Resource

win7-20231129-en

gandcrab backdoor persistence ransomware

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

371de1cf9d7da962f423a3ff1ad9bc52_JaffaCakes118.exe

Resource

win10v2004-20240226-en

gandcrab backdoor ransomware

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  371de1cf9d7da962f423a3ff1ad9bc52_JaffaCakes118
- Size
  
  244KB
- MD5
  
  371de1cf9d7da962f423a3ff1ad9bc52
- SHA1
  
  c913750e9fb78cd6687555e9f64d60c5ebf16aaa
- SHA256
  
  2b94a1ef590b4d82ae9cff8d771a738dfe672e8efa24b696ef686da1ea78501e
- SHA512
  
  98d3b6a1844f14307f1f2b52b82b6cb432035bee74ebdf04b77161dfe191439f010d324c62e09d7bbbe48c89a0fbbce0c00b61f2a1185dec7ffbfd82ef16758f
- SSDEEP
  
  3072:JyQC2mC/zuw10GGQ++vroMTPjg/2Y2KfdkYq4vjC3IxbOaeOuMkBAOE6lLxSPNlm:uKuwvJUdkqjtbwqkmOVlLxSG
Score

10^/10

gandcrab backdoor persistence ransomware
- GandCrab payload
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gandcrabbackdoorpersistenceransomware

behavioral2

gandcrabbackdoorransomware

© 2018-2024

Terms | Privacy