General

  • Target

    2025-01-22_15ff6e87271f178f3ead71d866a077d6_gandcrab

  • Size

    97KB

  • Sample

    250122-ss47gssnaz

  • MD5

    15ff6e87271f178f3ead71d866a077d6

  • SHA1

    99601ac6c83a8ffcf18b1b5902cdc2eca4de202d

  • SHA256

    d11db3f39fd05f80d1acd4c92a39a08d574f24d005d8a5107beb378bfa057ed7

  • SHA512

    5c19100f2f915d93a9df12c33e297be7d1c0c451f3f3630c0c9307304cc587c36e3c42fb446f949bc8a91c4a993b02c58f71cb99bfbbd413347e6ee08186fe1c

  • SSDEEP

    1536:8ZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAEMqqU+2bbbAV2/S2LNmHkD:iBounVyFHFMqqDL2/LgHkc2

Targets

    • Target

      2025-01-22_15ff6e87271f178f3ead71d866a077d6_gandcrab

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Gandcrab family

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
