gandcrab | 4e714fbc756671c12cf010496a3e96aa3041f1c36fc6aed7299054d5a173a655 | Triage

Submit
Reports

Overview

overview

Static

static

4e714fbc75...cs.exe

windows7-x64

4e714fbc75...cs.exe

windows10-2004-x64

Sharing

General

Target

4e714fbc756671c12cf010496a3e96aa3041f1c36fc6aed7299054d5a173a655_NeikiAnalytics.exe
Size

30KB
Sample

240620-k3q4lsyhqa
MD5

92bc31f02a105fe6ace2b0f8c4ac12b0
SHA1

34eee0725a7cb330233ea8eedaae12ba84c48151
SHA256

4e714fbc756671c12cf010496a3e96aa3041f1c36fc6aed7299054d5a173a655
SHA512

84715ba84a5e5c2c7879e87b6a7860950e3a7a05aa888e2c4b0fee8c0a30f59f0350f22a47a056ed3e5d54e082a60c77fcd659126b236e3fc0884467e0d507ee
SSDEEP

384:zlTa+Sj+CR+wDy/uNjNCvdyRbJ15wXDOjggxmewNgAiAW6tk4nrcQGrv1c6:JnSj+CR+myGNjNCvA1McqDdWSnY9r9b

Score

10^/10

gandcrab backdoor persistence ransomware upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

4e714fbc756671c12cf010496a3e96aa3041f1c36fc6aed7299054d5a173a655_NeikiAnalytics.exe

Resource

win7-20240220-en

gandcrab backdoor persistence ransomware upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

4e714fbc756671c12cf010496a3e96aa3041f1c36fc6aed7299054d5a173a655_NeikiAnalytics.exe

Resource

win10v2004-20240611-en

gandcrab backdoor persistence ransomware upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

gandcrab

C2

http://gdcbghvjyqy7jclk.onion.top/

Targets

- Target
  
  4e714fbc756671c12cf010496a3e96aa3041f1c36fc6aed7299054d5a173a655_NeikiAnalytics.exe
- Size
  
  30KB
- MD5
  
  92bc31f02a105fe6ace2b0f8c4ac12b0
- SHA1
  
  34eee0725a7cb330233ea8eedaae12ba84c48151
- SHA256
  
  4e714fbc756671c12cf010496a3e96aa3041f1c36fc6aed7299054d5a173a655
- SHA512
  
  84715ba84a5e5c2c7879e87b6a7860950e3a7a05aa888e2c4b0fee8c0a30f59f0350f22a47a056ed3e5d54e082a60c77fcd659126b236e3fc0884467e0d507ee
- SSDEEP
  
  384:zlTa+Sj+CR+wDy/uNjNCvdyRbJ15wXDOjggxmewNgAiAW6tk4nrcQGrv1c6:JnSj+CR+myGNjNCvA1McqDdWSnY9r9b
Score

10^/10

gandcrab backdoor persistence ransomware upx
- GandCrab payload
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gandcrabbackdoorpersistenceransomwareupx

behavioral2

gandcrabbackdoorpersistenceransomwareupx

© 2018-2024

Terms | Privacy