Overview

overview

10

Static

static

10

2025-01-29...ab.exe

windows7-x64

10

2025-01-29...ab.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-01-29_362cdb0fcae52506506e933e89c0a82c_gandcrab

  • Size

    72KB

  • Sample

    250129-cw82va1khm

  • MD5

    362cdb0fcae52506506e933e89c0a82c

  • SHA1

    cb86ce3e56272cb170b29a6961ab9092ac99ae1f

  • SHA256

    fe1f7daea955c7a27cd75bc593278d494b2b005639e928093745abd9b63714d3

  • SHA512

    75252f1ce8e7ee2e0b568e51481d98443eec6fa6a874637e77280fad3dc2fef7358fb220aa215b9d4906a73c6da0fbe2db25d4ee8c032dc2996d0a6457923440

  • SSDEEP

    768:fBIxo9TZkKXN7VfiFohEJH5co/iej2JWOkKgTiGMqWNUMFAHJ9E3lvd6s:5Ixo9TNXy9coqlWOkKgdMqqUM2Lkvd6

Score
10/10
gandcrabbackdoordiscoverypersistenceransomware

Malware Config

Targets

    • Target

      2025-01-29_362cdb0fcae52506506e933e89c0a82c_gandcrab

    • Size

      72KB

    • MD5

      362cdb0fcae52506506e933e89c0a82c

    • SHA1

      cb86ce3e56272cb170b29a6961ab9092ac99ae1f

    • SHA256

      fe1f7daea955c7a27cd75bc593278d494b2b005639e928093745abd9b63714d3

    • SHA512

      75252f1ce8e7ee2e0b568e51481d98443eec6fa6a874637e77280fad3dc2fef7358fb220aa215b9d4906a73c6da0fbe2db25d4ee8c032dc2996d0a6457923440

    • SSDEEP

      768:fBIxo9TZkKXN7VfiFohEJH5co/iej2JWOkKgTiGMqWNUMFAHJ9E3lvd6s:5Ixo9TNXy9coqlWOkKgdMqqUM2Lkvd6

    Score
    10/10
    gandcrabbackdoordiscoverypersistenceransomware

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

      ransomwarebackdoorgandcrab

    • Gandcrab family

      gandcrab

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks