gandcrab | 51581f0711464b1af9f9d2da2d3431a88776c6caa7d9bb1d80e50a4b447b9796 | Triage

Sharing

General

Target

gandcrab.7z
Size

26KB
Sample

230411-yn71gage8v
MD5

f72cd9604fecc44eb4d0be384a9cb094
SHA1

f4b6ddecce095f3ec87d72f0e13e1fbcd2a5b2db
SHA256

51581f0711464b1af9f9d2da2d3431a88776c6caa7d9bb1d80e50a4b447b9796
SHA512

6088de014d96ae4d362f2a44c880fcb75ef852279447bf97a38aa444d2a755b4d07f7165d703f768e2d681dd82db0c456504f975adad659a21c2841c8476c7e3
SSDEEP

768:LFW2qxD19mmG0fkFootWRY+uNNHyp2Ru3NHIKt:Lw2qVS0cFoogeNNSQRu3NHz

Score

10^/10

gandcrab persistence

Malware Config

Targets

- Target
  
  gandcrab.exe
- Size
  
  70KB
- MD5
  
  53c39e4036f845fd7caa0e427bcfdb5f
- SHA1
  
  b14464cd6b60cf600b90b2c0a2c5acf0458ef0e2
- SHA256
  
  b1b9328574aaa69341e9b3ce07790d7d506106619443317e71d3921ce6769f76
- SHA512
  
  561f1b99602e18306e163e8943d7b2286c0bd50e42c591729ceda3eef0528a6ee13f6d6a9eff2a3574617f6152113247e956e41a0839e6a044a9d9c455af2c68
- SSDEEP
  
  1536:/ZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:Wd5BJHMqqDL2/Ovvdr
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2