Extracted

• • Target

    2025-01-01_028359ce45432d6f57cc85534d1761fb_gandcrab

  • Size

    74KB

  • MD5

    028359ce45432d6f57cc85534d1761fb

  • SHA1

    c861416e334b6e38b0653b8ca1661d3dd47e1b63

  • SHA256

    2d6ccd2ccd763bcf4c8e1f1ba2b8663f696135b7958d552358581d542b163873

  • SHA512

    e49e2171339150d487cb3595fd20add3042e0af731b79ab939ce217440d67e34545ce8cabaf5e89b0dedd3c2de2cac62e318ff9eee8488266745da04c687869b

  • SSDEEP

    1536:C55u555555555pmgSeGDjtQhnwmmB0ybMqqU+2bbbAV2/S2mr3IdE8mne0Avu5rJ:4MSjOnrmBTMqqDL2/mr3IdE8we0Avu5F

  Score

  10^/10

  gandcrabbackdoordiscoverypersistenceransomware

  • GandCrab payload

  • Gandcrab

    Gandcrab is a Trojan horse that encrypts files on a computer.

    ransomwarebackdoorgandcrab

  • Gandcrab family

    gandcrab

  • Adds Run key to start application

    persistence

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2