General

  • Target

    2024-11-18_e4c308b6c38e04bbdb790e9b38f3ec04_gandcrab

  • Size

    240KB

  • Sample

    241118-glm4vazles

  • MD5

    e4c308b6c38e04bbdb790e9b38f3ec04

  • SHA1

    14ca875fe11cd848d7c93226bf58fb135f733295

  • SHA256

    551e21ea7d93932c6bb34708eb48e1b522e8821f68a82c39e4a0bfe5138e262a

  • SHA512

    f091b8022a23ef21e251386dab4dbaab681eb567f9dd862460419b58dfd935146173ee2c934aa8cf77d6be5837349912d1516e070bf5f4df3c6d27f3ac7ee712

  • SSDEEP

    3072:AYHVHd2NwMqqDL2/mr3IdE8we0Avu5r++ygLIaa4jRv9OtNZpHk:AycqqDL6oREzZpE

Targets

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Gandcrab family

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
