Overview

overview

10

Static

static

10

2025-01-23...ab.exe

windows7-x64

10

2025-01-23...ab.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-01-23_1d349ae99bcfeb60c7debd78de3c71f7_gandcrab

  • Size

    72KB

  • Sample

    250123-j9t86ssndl

  • MD5

    1d349ae99bcfeb60c7debd78de3c71f7

  • SHA1

    881d69e5795757dd48db723e0ff3e022bb5598e9

  • SHA256

    9c8df717764dbbb5de7fcb5a6332b98e8e655e900f31d21e2f829f0b14221d3c

  • SHA512

    6fbffc0cc13e55d9c1be73c9bbfa114a9fbeaad89cb0874fbb1980e4653375d0aca3445bb67391374e7691029ef3ce2e71aeccd404223d720a9f7fb23fa55869

  • SSDEEP

    768:KBIxo9TZkKXN7VfiFohEJH5co/iej2JWOkKgTiGMqWNUMFAHJ9E3lvd6s:6Ixo9TNXy9coqlWOkKgdMqqUM2Lkvd6

Score
10/10
gandcrabbackdoordiscoverypersistenceransomware

Malware Config

Targets

    • Target

      2025-01-23_1d349ae99bcfeb60c7debd78de3c71f7_gandcrab

    • Size

      72KB

    • MD5

      1d349ae99bcfeb60c7debd78de3c71f7

    • SHA1

      881d69e5795757dd48db723e0ff3e022bb5598e9

    • SHA256

      9c8df717764dbbb5de7fcb5a6332b98e8e655e900f31d21e2f829f0b14221d3c

    • SHA512

      6fbffc0cc13e55d9c1be73c9bbfa114a9fbeaad89cb0874fbb1980e4653375d0aca3445bb67391374e7691029ef3ce2e71aeccd404223d720a9f7fb23fa55869

    • SSDEEP

      768:KBIxo9TZkKXN7VfiFohEJH5co/iej2JWOkKgTiGMqWNUMFAHJ9E3lvd6s:6Ixo9TNXy9coqlWOkKgdMqqUM2Lkvd6

    Score
    10/10
    gandcrabbackdoordiscoverypersistenceransomware

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

      ransomwarebackdoorgandcrab

    • Gandcrab family

      gandcrab

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks