Overview

overview

10

Static

static

10

2025-01-27...ab.exe

windows7-x64

10

2025-01-27...ab.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-01-27_29af0445db82072e5e2de50f521d98be_gandcrab

  • Size

    72KB

  • Sample

    250127-z79h3swkcw

  • MD5

    29af0445db82072e5e2de50f521d98be

  • SHA1

    e34ff895a699996b6a2e23ca8f1c1365cfcdaf1f

  • SHA256

    db38c63f7eb090aa7cb388680c9838d0b62a6ea364fd46272ab45df8239e435e

  • SHA512

    a2160b1161c52a633dfccdabbdc0e1e1b387b0b4548df5f0474c30ff00d74c811dd886cd07b855d976ba40c9cf5ac447e0123a68866b5f6dbf8ae03e80a12ede

  • SSDEEP

    1536:jZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXou5VW8hbHnAwfMqqU+2bbbAV2/S2LkvdG:zBou5VNFHpfMqqDL2/LkvdG

Score
10/10
gandcrabbackdoordiscoverypersistenceransomware

Malware Config

Targets

    • Target

      2025-01-27_29af0445db82072e5e2de50f521d98be_gandcrab

    • Size

      72KB

    • MD5

      29af0445db82072e5e2de50f521d98be

    • SHA1

      e34ff895a699996b6a2e23ca8f1c1365cfcdaf1f

    • SHA256

      db38c63f7eb090aa7cb388680c9838d0b62a6ea364fd46272ab45df8239e435e

    • SHA512

      a2160b1161c52a633dfccdabbdc0e1e1b387b0b4548df5f0474c30ff00d74c811dd886cd07b855d976ba40c9cf5ac447e0123a68866b5f6dbf8ae03e80a12ede

    • SSDEEP

      1536:jZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXou5VW8hbHnAwfMqqU+2bbbAV2/S2LkvdG:zBou5VNFHpfMqqDL2/LkvdG

    Score
    10/10
    gandcrabbackdoordiscoverypersistenceransomware

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

      ransomwarebackdoorgandcrab

    • Gandcrab family

      gandcrab

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks