General

  • Target

    2025-04-09_0f0b287d0fe9c2f1551e0e3b39140b59_gandcrab

  • Size

    97KB

  • Sample

    250409-smsw9svlv5

  • MD5

    0f0b287d0fe9c2f1551e0e3b39140b59

  • SHA1

    b37adfa740e2d58dc3a5f76e962b9eff189291b4

  • SHA256

    b9056f09c97f8f861a2c184c2ad1f81106a5dfaa82b1473cfd8a98fd0da7e0db

  • SHA512

    62385603808cb18645b88d326ffd48f0ec49ca591052bc2ec97c6a0affa689e9a163d637633ec44274a81a235149776e9341af20f8a98c94a986586a8846e8b5

  • SSDEEP

    1536:nZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAEMqqU+2bbbAV2/S2LNmHkD:vBounVyFHFMqqDL2/LgHkc2

Targets

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Gandcrab family

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
