General

  • Target

    20240618cebeae1d33d491080543e23611710876gandcrab

  • Size

    99KB

  • Sample

    240618-zswnnswfjg

  • MD5

    cebeae1d33d491080543e23611710876

  • SHA1

    ea34e12b54f2cf42f5c7728a1daecde0a2539bd9

  • SHA256

    2258d167c1e46f5f3399534bc25e413e43c741da36bcd833ab69732fc1d1482a

  • SHA512

    45f52588b14cf66f0cbb4654489c0e25099b2aac7ccac95bdf066451f47868d6ba9b86fa98e325c92461c4a038f45c4172acee2a653ba25f76d8128e3712c30c

  • SSDEEP

    3072:xMSjOnrmBIMqqDL2/mr3IdE8we0Avu5r++ygLIaaypQ8CrS6:xXjOnr6jqqDL6aprYS6

Malware Config

  • Extracted

    Family: gandcrab

    C2: http://gdcbghvjyqy7jclk.onion.top/

Targets

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                Technique                            Count  ID
  Persistence           Boot or Logon Autostart Execution    1      T1547
  Persistence           Registry Run Keys / Startup Folder   1      T1547.001
  Privilege Escalation  Boot or Logon Autostart Execution    1      T1547
  Privilege Escalation  Registry Run Keys / Startup Folder   1      T1547.001
  Defense Evasion       Modify Registry                      1      T1112
  Discovery             Query Registry                       2      T1012
  Discovery             Peripheral Device Discovery          1      T1120
  Discovery             System Information Discovery         2      T1082