Overview

overview

10

Static

static

3

f8e137cd21...bN.exe

windows7-x64

10

f8e137cd21...bN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f8e137cd21db4003eb8b3ccbdb5759a9917f965d0402b46d55b5f4967f5b61ebN

  • Size

    250KB

  • Sample

    241008-y7p9rsshrj

  • MD5

    991cf2432c006d43d1efefd52cddfb80

  • SHA1

    c5957a8fe34f3d2466ce1a24ff8095e5077bb6bf

  • SHA256

    f8e137cd21db4003eb8b3ccbdb5759a9917f965d0402b46d55b5f4967f5b61eb

  • SHA512

    7a986e9530c8075d427bd2d1a983cda63f9ebcba1e31654da60e6097beebedb1d2951f74bdc0911baf24999500dd7ec30c2bddc2d36f3e41ef696bb85911c0f4

  • SSDEEP

    3072:W/yK5d0Gj0+nY3uEBLvBNfdUR2/qFnB8o2+vU3WuvIBuj00nReaXkuSQ7cdOd3:W/y20Gj0r+EBFrkvlU3RvIUDOIN

Score
10/10
gandcrabbackdoordiscoverypersistenceransomware

Malware Config

Targets

    • Target

      f8e137cd21db4003eb8b3ccbdb5759a9917f965d0402b46d55b5f4967f5b61ebN

    • Size

      250KB

    • MD5

      991cf2432c006d43d1efefd52cddfb80

    • SHA1

      c5957a8fe34f3d2466ce1a24ff8095e5077bb6bf

    • SHA256

      f8e137cd21db4003eb8b3ccbdb5759a9917f965d0402b46d55b5f4967f5b61eb

    • SHA512

      7a986e9530c8075d427bd2d1a983cda63f9ebcba1e31654da60e6097beebedb1d2951f74bdc0911baf24999500dd7ec30c2bddc2d36f3e41ef696bb85911c0f4

    • SSDEEP

      3072:W/yK5d0Gj0+nY3uEBLvBNfdUR2/qFnB8o2+vU3WuvIBuj00nReaXkuSQ7cdOd3:W/y20Gj0r+EBFrkvlU3RvIUDOIN

    Score
    10/10
    gandcrabbackdoordiscoverypersistenceransomware

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

      ransomwarebackdoorgandcrab

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks