gandcrab | 8e5deeda104e2d39c40cd5251f598c640e03f49a1fde55a16e2a999208f0d48a | Triage

Submit
Reports

Overview

overview

Static

static

3

AsepriteTo...er.exe

windows10-1703-x64

Sharing

General

Target

AsepriteToolInstaller.exe
Size

14.1MB
Sample

241007-ent9tsyeph
MD5

05fa8f159d573796a10ebc7ff71ead46
SHA1

21596be221232066e07e454685fd87770baa5002
SHA256

8e5deeda104e2d39c40cd5251f598c640e03f49a1fde55a16e2a999208f0d48a
SHA512

4a23ef81563d6ad9b2e93918b431fdbba3d3e7725ed9835d8bfefb1e1028112234f9217524a994688656fe78f208ef13f8b4aec4abe48a72e87313b5928809e4
SSDEEP

393216:E6UiaGcbN3gSEA/qstVBHdfczPq4yAUtw:E6OwkCK/cj3cw

Score

10^/10

gandcrab backdoor discovery pyinstaller ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

AsepriteToolInstaller.exe

Resource

win10-20240404-es

gandcrab backdoor discovery pyinstaller ransomware

windows10-1703-x64

24 signatures

1800 seconds

Malware Config

Targets

- Target
  
  AsepriteToolInstaller.exe
- Size
  
  14.1MB
- MD5
  
  05fa8f159d573796a10ebc7ff71ead46
- SHA1
  
  21596be221232066e07e454685fd87770baa5002
- SHA256
  
  8e5deeda104e2d39c40cd5251f598c640e03f49a1fde55a16e2a999208f0d48a
- SHA512
  
  4a23ef81563d6ad9b2e93918b431fdbba3d3e7725ed9835d8bfefb1e1028112234f9217524a994688656fe78f208ef13f8b4aec4abe48a72e87313b5928809e4
- SSDEEP
  
  393216:E6UiaGcbN3gSEA/qstVBHdfczPq4yAUtw:E6OwkCK/cj3cw
Score

10^/10

gandcrab backdoor discovery pyinstaller ransomware
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- Executes dropped EXE
- Loads dropped DLL
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gandcrabbackdoordiscoverypyinstallerransomware

© 2018-2025

Terms | Privacy