Resubmissions

19-10-2024 06:13

241019-gyr9bstdkq 10

19-10-2024 03:46

241019-ebptksxdqn 10

General

  • Target

    2024-10-19_6b2ac60215296f9435fe3685d8f58b6e_gandcrab

  • Size

    97KB

  • Sample

    241019-gyr9bstdkq

  • MD5

    6b2ac60215296f9435fe3685d8f58b6e

  • SHA1

    63e0f6cbc422d92cfe089ceacc78c23a17132c6d

  • SHA256

    ca2920b5cf3aed05d1f44cde1cf55a941c3eb65ee3c919c44273e60cad44beca

  • SHA512

    d500b18636a241ffcbef00699df4b8f0f9b877dd3d2cbc12eddd2d41e2a473a1156b3ab4a1fda52a145cf5e9d9fdc4b0689034123e01ca5be0362d5c9ad53dfc

  • SSDEEP

    1536:YZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAlMqqU+2bbbAV2/S2LNmHkf:WBounVyFHkMqqDL2/LgHkctc

Targets

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
