Overview

overview

10

Static

static

10

2024-04-04...ab.exe

windows7-x64

10

2024-04-04...ab.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-04-04_4a668f0abb94c8efbe6aa91dd833ba21_gandcrab

  • Size

    145KB

  • Sample

    240404-3hgzbaec67

  • MD5

    4a668f0abb94c8efbe6aa91dd833ba21

  • SHA1

    4bd985b764ff877001dd8e77fa7cbe8ae0ce8e12

  • SHA256

    bc6e501eb8cec81867ae939a4baf5844ae077c617676d640658124f4f7896f42

  • SHA512

    419141158e433bb0781785ff7c67cccce004c88043fbbffd704baf0343aecc4f6b4520601972bf9ce6b9e5d9059e7171ea662eb420ef11b604cc4fc87705ac17

  • SSDEEP

    3072:JYHVHd2NCMqqDL2/mr3IdE8we0Avu5r++ygLIaagvdCjRv9OtN:JyOqqDL64vdGREz

Score
10/10
gandcrabbackdoorpersistenceransomware

Malware Config

Targets

    • Target

      2024-04-04_4a668f0abb94c8efbe6aa91dd833ba21_gandcrab

    • Size

      145KB

    • MD5

      4a668f0abb94c8efbe6aa91dd833ba21

    • SHA1

      4bd985b764ff877001dd8e77fa7cbe8ae0ce8e12

    • SHA256

      bc6e501eb8cec81867ae939a4baf5844ae077c617676d640658124f4f7896f42

    • SHA512

      419141158e433bb0781785ff7c67cccce004c88043fbbffd704baf0343aecc4f6b4520601972bf9ce6b9e5d9059e7171ea662eb420ef11b604cc4fc87705ac17

    • SSDEEP

      3072:JYHVHd2NCMqqDL2/mr3IdE8we0Avu5r++ygLIaagvdCjRv9OtN:JyOqqDL64vdGREz

    Score
    10/10
    gandcrabbackdoorpersistenceransomware

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

      ransomwarebackdoorgandcrab

    • Detects ransomware indicator

    • Gandcrab Payload

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.