General

  • Target

    2024-10-14_9d55f175494e3e69553bf8c899cc1446_gandcrab

  • Size

    240KB

  • Sample

    241014-dp7e4sxane

  • MD5

    9d55f175494e3e69553bf8c899cc1446

  • SHA1

    9c041bab4e28dcc55b3e14e4a9f8d8d9a585c773

  • SHA256

    ab9ede25dc85307aae90501a2a692d782bf7148823bf1481bf9e9b8923185425

  • SHA512

    3407b475b99b384c84ad96c3f393c75e5f9ed2498477f79dfab898107252fb919e9c1ea03b55a84ad9930d584de38dd3d4b10431a33b37190b5ae37eaa309a2e

  • SSDEEP

    3072:bYHVHd2NwMqqDL2/mr3IdE8we0Avu5r++ygLIaa4jRv9OtNZpHk:bycqqDL6oREzZpE

Malware Config

Targets

    • Target

      2024-10-14_9d55f175494e3e69553bf8c899cc1446_gandcrab

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks