Overview

overview

10

Static

static

10

2025-01-28...ab.exe

windows7-x64

10

2025-01-28...ab.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-01-28_3431fbbe48389d4a60e08f18078b191a_gandcrab

  • Size

    72KB

  • Sample

    250128-z8zeha1rfw

  • MD5

    3431fbbe48389d4a60e08f18078b191a

  • SHA1

    ff1c9842c2535ca9b4ccfee4999c225b4b1ce662

  • SHA256

    7c0e2112e1b23dc186c44aecb7f841bff5105c5667a4d9b159e42e4c7f157918

  • SHA512

    70aa4296c8290f7baf3d620020100efa951394bfdbc8f0005dac508157283ebb272581bfe403c35b379ec10abaca5e4b81144917de0c12d0ebed831e2eb7308a

  • SSDEEP

    768:sBIxo9TZkKXN7VfiFohEJH5co/iej2JWOkKgTiGMqWNUMFAHJ9E3lvd6s:IIxo9TNXy9coqlWOkKgdMqqUM2Lkvd6

Score
10/10
gandcrabbackdoordiscoverypersistenceransomware

Malware Config

Targets

    • Target

      2025-01-28_3431fbbe48389d4a60e08f18078b191a_gandcrab

    • Size

      72KB

    • MD5

      3431fbbe48389d4a60e08f18078b191a

    • SHA1

      ff1c9842c2535ca9b4ccfee4999c225b4b1ce662

    • SHA256

      7c0e2112e1b23dc186c44aecb7f841bff5105c5667a4d9b159e42e4c7f157918

    • SHA512

      70aa4296c8290f7baf3d620020100efa951394bfdbc8f0005dac508157283ebb272581bfe403c35b379ec10abaca5e4b81144917de0c12d0ebed831e2eb7308a

    • SSDEEP

      768:sBIxo9TZkKXN7VfiFohEJH5co/iej2JWOkKgTiGMqWNUMFAHJ9E3lvd6s:IIxo9TNXy9coqlWOkKgdMqqUM2Lkvd6

    Score
    10/10
    gandcrabbackdoordiscoverypersistenceransomware

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

      ransomwarebackdoorgandcrab

    • Gandcrab family

      gandcrab

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks