General

  • Target

    2025-01-27_2edd041d28dd67b4788f9063be2d117c_gandcrab

  • Size

    97KB

  • Sample

    250127-3cxskszkfp

  • MD5

    2edd041d28dd67b4788f9063be2d117c

  • SHA1

    bfafaf378ee9d05db38b4ed70adbb1c2a1d60147

  • SHA256

    851ba0edc45d799bd16c6e77cba4d3756eee1ebfa2453eae4db6123a6cbea4ec

  • SHA512

    f435afaf1586edfa0cd4557c91d5b56710efb9fdaa8ebfac6826357299bc6b685ca54d5cecfd99f2cd95e5beb84386e788972adb40a5762ac274403164846a1a

  • SSDEEP

    1536:AZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAEMqqU+2bbbAV2/S2LNmHkD:uBounVyFHFMqqDL2/LgHkc2

Targets

    • Target

      2025-01-27_2edd041d28dd67b4788f9063be2d117c_gandcrab

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Gandcrab family

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
