gandcrab | 9932e5949fdc062b3c12769a6e5236e4f5caa40f0c966b879f5a306f0670ee52 | Triage

Submit
Reports

Overview

overview

Static

static

9932e5949f...52.exe

windows7-x64

9932e5949f...52.exe

windows10-2004-x64

Sharing

General

Target

9932e5949fdc062b3c12769a6e5236e4f5caa40f0c966b879f5a306f0670ee52
Size

109KB
Sample

240621-bqwnwsvblb
MD5

d3537fec0b0ca4e6ae6f91b85b15c1d5
SHA1

ade90a54d16ccca3c8d2c4c25a2ede4786c7c368
SHA256

9932e5949fdc062b3c12769a6e5236e4f5caa40f0c966b879f5a306f0670ee52
SHA512

1298d94ca3c2671d43fdfcae62aa0886f43a3c9908ec0dc2ab64989f9f66aeab93b33d06060c2619081c676afd4f6980c70322a5a93cb1f9dea396e0b9fb5126
SSDEEP

3072:HMSjOnrmBIMqqDL2/mr3IdE8we0Avu5r++ygLIaaypQ8CrS6C:HXjOnr6jqqDL6aprYS6C

Score

10^/10

gandcrab backdoor persistence ransomware upx

Static task

static1

7 signatures

Behavioral task

behavioral1

Sample

9932e5949fdc062b3c12769a6e5236e4f5caa40f0c966b879f5a306f0670ee52.exe

Resource

win7-20240419-en

gandcrab backdoor persistence ransomware upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

9932e5949fdc062b3c12769a6e5236e4f5caa40f0c966b879f5a306f0670ee52.exe

Resource

win10v2004-20240611-en

gandcrab backdoor persistence ransomware upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

gandcrab

C2

http://gdcbghvjyqy7jclk.onion.top/

Targets

- Target
  
  9932e5949fdc062b3c12769a6e5236e4f5caa40f0c966b879f5a306f0670ee52
- Size
  
  109KB
- MD5
  
  d3537fec0b0ca4e6ae6f91b85b15c1d5
- SHA1
  
  ade90a54d16ccca3c8d2c4c25a2ede4786c7c368
- SHA256
  
  9932e5949fdc062b3c12769a6e5236e4f5caa40f0c966b879f5a306f0670ee52
- SHA512
  
  1298d94ca3c2671d43fdfcae62aa0886f43a3c9908ec0dc2ab64989f9f66aeab93b33d06060c2619081c676afd4f6980c70322a5a93cb1f9dea396e0b9fb5126
- SSDEEP
  
  3072:HMSjOnrmBIMqqDL2/mr3IdE8we0Avu5r++ygLIaaypQ8CrS6C:HXjOnr6jqqDL6aprYS6C
Score

10^/10

gandcrab backdoor persistence ransomware upx
- GandCrab payload
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- Detects ransomware indicator
- Gandcrab Payload
- UPX dump on OEP (original entry point)
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gandcrabbackdoorpersistenceransomwareupx

behavioral2

gandcrabbackdoorpersistenceransomwareupx

© 2018-2024

Terms | Privacy