gandcrab | 8708f5c9056ccac32adc0cc5b82cba8b0ddd8d3b616aac37c3cceef79c4960fd | Triage

Submit
Reports

Overview

overview

Static

static

3

2024-04-22...ia.exe

windows7-x64

2024-04-22...ia.exe

windows10-2004-x64

Sharing

General

Target

2024-04-22_3e51211c8d03500330f87b4237a445b0_mafia
Size

316KB
Sample

240422-v44ffadh85
MD5

3e51211c8d03500330f87b4237a445b0
SHA1

6d224c1d6f670b4dcc798dc3c498d4800ed39e34
SHA256

8708f5c9056ccac32adc0cc5b82cba8b0ddd8d3b616aac37c3cceef79c4960fd
SHA512

009252229029826fbf5c7ef1fd642b4972af8935ecbaad6a52f6fdfbf2fdd1a966de9ebe361bfd9c1bad78b88487ee05f6e9ea07a3a4db87cbb5a7b1926069ca
SSDEEP

6144:JvF3NMO1UnseVgkV0xwvfxnhLTiusLe1740Y:DdM0Unsna5mut40Y

Score

10^/10

gandcrab backdoor persistence ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2024-04-22_3e51211c8d03500330f87b4237a445b0_mafia.exe

Resource

win7-20240215-en

gandcrab backdoor persistence ransomware

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-04-22_3e51211c8d03500330f87b4237a445b0_mafia.exe

Resource

win10v2004-20240412-en

gandcrab backdoor ransomware

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-04-22_3e51211c8d03500330f87b4237a445b0_mafia
- Size
  
  316KB
- MD5
  
  3e51211c8d03500330f87b4237a445b0
- SHA1
  
  6d224c1d6f670b4dcc798dc3c498d4800ed39e34
- SHA256
  
  8708f5c9056ccac32adc0cc5b82cba8b0ddd8d3b616aac37c3cceef79c4960fd
- SHA512
  
  009252229029826fbf5c7ef1fd642b4972af8935ecbaad6a52f6fdfbf2fdd1a966de9ebe361bfd9c1bad78b88487ee05f6e9ea07a3a4db87cbb5a7b1926069ca
- SSDEEP
  
  6144:JvF3NMO1UnseVgkV0xwvfxnhLTiusLe1740Y:DdM0Unsna5mut40Y
Score

10^/10

gandcrab backdoor persistence ransomware
- GandCrab payload
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- Detects Reflective DLL injection artifacts
- Detects ransomware indicator
- Gandcrab Payload
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gandcrabbackdoorpersistenceransomware

behavioral2

gandcrabbackdoorransomware

© 2018-2024

Terms | Privacy