General

  • Target

    2024-11-24_509c7a0d9196a91be3607661573897e2_gandcrab

  • Size

    240KB

  • Sample

    241124-bw1vsstjcm

  • MD5

    509c7a0d9196a91be3607661573897e2

  • SHA1

    7ebe526e781b772b20c33ff2dc88aa057ef4bd19

  • SHA256

    f2a762d7894026d08ea8e013ce76a8f7596e0f439cb62589eb182c2df403dd7c

  • SHA512

    5ba022c821cbacc7bd3782ca71554d8cc922e5502669461e5986bb44cb31d01778d5673bf19d2b5028b5cd3674bbc9ebdfd2a9a89146e63911452a32885b83c5

  • SSDEEP

    3072:lYHVHd2NwMqqDL2/mr3IdE8we0Avu5r++ygLIaa4jRv9OtNZpHk:lycqqDL6oREzZpE

Targets

    • Target

      2024-11-24_509c7a0d9196a91be3607661573897e2_gandcrab

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Gandcrab family

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
