gandcrab | 9584e19425fef6278400d9b2173d73b94e247ccd79e4c11904f86b0f83696354 | Triage

Submit
Reports

Overview

overview

Static

static

3

program.exe

windows7-x64

program.exe

windows10-2004-x64

Sharing

General

Target

b8342724cf08a6d90a9157121e14cb91_JaffaCakes118
Size

185KB
Sample

240617-ms1w6s1ejq
MD5

b8342724cf08a6d90a9157121e14cb91
SHA1

5916a0e93e23f5688200597380f8fb7c617a802d
SHA256

9584e19425fef6278400d9b2173d73b94e247ccd79e4c11904f86b0f83696354
SHA512

d6890f21825a8464d22663c06a52fa203b472f07354182df0956128f945b88e79d9ea78c9f24c27bb1222e980a6bfb9647edd9c6d71fed265c766777b64ca91c
SSDEEP

3072:F5JL1jtr2Y4zoLvRRNyGokZLSh3b5czJCN6g+RcX5eWMLDmmFPA59xOonPucfSfD:HJL1N20JfXokZ6QskcAWMLim5A5vOAKD

Score

10^/10

gandcrab backdoor persistence ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

program.exe

Resource

win7-20240419-en

gandcrab backdoor persistence ransomware

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

program.exe

Resource

win10v2004-20240508-en

gandcrab backdoor ransomware

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  program.exe
- Size
  
  328KB
- MD5
  
  a1d3ac1589572aaf97cc478769910de0
- SHA1
  
  3f8532f91b62ce3c3b97cddfec540da9ff041273
- SHA256
  
  a8fce1cf68294753a4bac38231257f3c7860a080719af8dc8ac5943458059c16
- SHA512
  
  d80ab2500145dfc74f16321d4fbe25801effe10a2558b7e68138f833033a5434714878f134cf9214ce2485b5b0e8ba5b1c29cfb0cfcf074348a27aa2ac0e0e81
- SSDEEP
  
  6144:dmWHLy61/yP85HZZptiYrVGrnCZ0g5ksjYYGHh4rCrrRrrFrrPrr5rrrgrrr8rr+:dmAu61/RHTWY5+nCZ0NIYYbrCrrRrrF2
Score

10^/10

gandcrab backdoor persistence ransomware
- GandCrab payload
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gandcrabbackdoorpersistenceransomware

behavioral2

gandcrabbackdoorransomware

© 2018-2024

Terms | Privacy