Extracted

• • Target

    2025-01-23_08a6dc55c14ea776291bce908dffd0a8_gandcrab

  • Size

    83KB

  • MD5

    08a6dc55c14ea776291bce908dffd0a8

  • SHA1

    878ca8fbbe916b4b9ebfb0b201db6b5001cd4cbc

  • SHA256

    5bbd51779903879a1b0f10d176965028897baf76b28ccf72942d7637d35dcc96

  • SHA512

    4aeb2fd51b587811e84e973a8b32c00b664fffe655788dbe5146e19fceb851a49b4837a2d2284f3de599c9ff407482862fa11794820c97fd84506d1f49a72fa4

  • SSDEEP

    1536:t55u555555555pmgSeGDjtQhnwmmB0yDMqqU+2bbbAV2/S2mr3IdE8mne0Avu5r4:FMSjOnrmBrMqqDL2/mr3IdE8we0Avu5c

  Score

  10^/10

  gandcrabbackdoordiscoverypersistenceransomware

  • GandCrab payload

  • Gandcrab

    Gandcrab is a Trojan horse that encrypts files on a computer.

    ransomwarebackdoorgandcrab

  • Gandcrab family

    gandcrab

  • Adds Run key to start application

    persistence

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2