General

  • Target

    2024-10-15_5b5b3d1037c61533192b7a83001de99e_gandcrab

  • Size

    167KB

  • Sample

    241015-dkwg2s1epf

  • MD5

    5b5b3d1037c61533192b7a83001de99e

  • SHA1

    eb8836b5f0df1c22d060797a70bbf57c827fbdc0

  • SHA256

    c9dc0ea52ffd6d9edf119cd22d63b93e48cc156bafe98f3257c2bf3575e70948

  • SHA512

    70c4b66e772e6d74e5095f37b7b1f9f385d9e6d025ae455e3195450a88ce88262815b14092fb4158cf9935f376ff3e38df4ac93bef99f940a8d04dc83aebe81c

  • SSDEEP

    3072:zYHVHd2NFMqqDL2/mr3IdE8we0Avu5r++ygLIaa4jRv9OtNZped:zyZqqDL6oREzZpK

Targets

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
