gandcrab | a86ad543227f68071a061536ecb023ee9f6d9bb9ba84b81426de9b5c01146fab | Triage

Submit
Reports

Overview

overview

Static

static

2024-10-08...ab.exe

windows7-x64

2024-10-08...ab.exe

windows10-2004-x64

Sharing

General

Target

2024-10-08_1c79db8996eaf82cb51c0faf33edf9a4_gandcrab
Size

97KB
Sample

241008-mg84easfqk
MD5

1c79db8996eaf82cb51c0faf33edf9a4
SHA1

ee6711550f72ab1476556f9a4773f51b88ccd23c
SHA256

a86ad543227f68071a061536ecb023ee9f6d9bb9ba84b81426de9b5c01146fab
SHA512

a89713addab1368a83b846d88c7a49730ba34b7542401143422dbe82a724c66062d34532cb54a661f729c959fd67ab5576cd8a986b3f3c8032410f9e8306677a
SSDEEP

1536:2ZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAlMqqU+2bbbAV2/S2LNmHkf:QBounVyFHkMqqDL2/LgHkctc

Score

10^/10

gandcrab backdoor discovery persistence ransomware upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

2024-10-08_1c79db8996eaf82cb51c0faf33edf9a4_gandcrab.exe

Resource

win7-20240729-en

gandcrab backdoor discovery persistence ransomware upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-10-08_1c79db8996eaf82cb51c0faf33edf9a4_gandcrab.exe

Resource

win10v2004-20241007-en

gandcrab backdoor discovery persistence ransomware upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-10-08_1c79db8996eaf82cb51c0faf33edf9a4_gandcrab
- Size
  
  97KB
- MD5
  
  1c79db8996eaf82cb51c0faf33edf9a4
- SHA1
  
  ee6711550f72ab1476556f9a4773f51b88ccd23c
- SHA256
  
  a86ad543227f68071a061536ecb023ee9f6d9bb9ba84b81426de9b5c01146fab
- SHA512
  
  a89713addab1368a83b846d88c7a49730ba34b7542401143422dbe82a724c66062d34532cb54a661f729c959fd67ab5576cd8a986b3f3c8032410f9e8306677a
- SSDEEP
  
  1536:2ZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAlMqqU+2bbbAV2/S2LNmHkf:QBounVyFHkMqqDL2/LgHkctc
Score

10^/10

gandcrab backdoor discovery persistence ransomware upx
- GandCrab payload
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gandcrabbackdoordiscoverypersistenceransomwareupx

behavioral2

gandcrabbackdoordiscoverypersistenceransomwareupx

© 2018-2025

Terms | Privacy