General
-
Target
GandCrab.bin
-
Size
183KB
-
Sample
240501-knh5fsbd3t
-
MD5
07fadb006486953439ce0092651fd7a6
-
SHA1
e42431d37561cc695de03b85e8e99c9e31321742
-
SHA256
d77378dcc42b912e514d3bd4466cdda050dda9b57799a6c97f70e8489dd8c8d0
-
SHA512
5b09a07371bb5350b22c78aa3e7e673ba61ce72a964e072749a4633e2c15f416c05953cc6e6f6c586df010aa7f2c9c0ab87a014e4f732e5fdb2d58778a1fb437
-
SSDEEP
3072:Ealy19emgKe0QuYS3UmWuDTEltI3S/7IarDrjCgrQp0M7W:EaqxxDwx/7IS40MS
Static task
static1
Behavioral task
behavioral1
Sample
GandCrab.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
GandCrab.exe
Resource
win10v2004-20240419-en
Malware Config
Targets
-
-
Target
GandCrab.bin
-
Size
183KB
-
MD5
07fadb006486953439ce0092651fd7a6
-
SHA1
e42431d37561cc695de03b85e8e99c9e31321742
-
SHA256
d77378dcc42b912e514d3bd4466cdda050dda9b57799a6c97f70e8489dd8c8d0
-
SHA512
5b09a07371bb5350b22c78aa3e7e673ba61ce72a964e072749a4633e2c15f416c05953cc6e6f6c586df010aa7f2c9c0ab87a014e4f732e5fdb2d58778a1fb437
-
SSDEEP
3072:Ealy19emgKe0QuYS3UmWuDTEltI3S/7IarDrjCgrQp0M7W:EaqxxDwx/7IS40MS
Score10/10-
Renames multiple (312) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-