gandcrab | 9420dd074e232f83748a6a61d1e7ed4ed1a5b6beccb2b8f43983a212e61ceaee | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8282a8e9f92811exeexeexeex.exe
Size

73KB
Sample

230709-h49w1abb29
MD5

8282a8e9f92811c082ad3ca9d29e4613
SHA1

fc277078fa33cf4d572df6ef73dee2e1df51e265
SHA256

9420dd074e232f83748a6a61d1e7ed4ed1a5b6beccb2b8f43983a212e61ceaee
SHA512

145bd5f56781c4d1c227ed843a7cd50e81c862b727fd437a4cf5be7eaca27e8631d1e386959db7c4f38ae360d9ab99f5fe5c43d4189034d22b9698931e58a5f4
SSDEEP

1536:p55u555555555pmgSeGDjtQhnwmmB0ybMqqU+2bbbAV2/S2mr3IdE8mne0Avu5rJ:hMSjOnrmBTMqqDL2/mr3IdE8we0Avu5h

Score

10^/10

gandcrab persistence

Malware Config

Extracted

Family

gandcrab

C2

http://gdcbghvjyqy7jclk.onion.top/

Targets

- Target
  
  8282a8e9f92811exeexeexeex.exe
- Size
  
  73KB
- MD5
  
  8282a8e9f92811c082ad3ca9d29e4613
- SHA1
  
  fc277078fa33cf4d572df6ef73dee2e1df51e265
- SHA256
  
  9420dd074e232f83748a6a61d1e7ed4ed1a5b6beccb2b8f43983a212e61ceaee
- SHA512
  
  145bd5f56781c4d1c227ed843a7cd50e81c862b727fd437a4cf5be7eaca27e8631d1e386959db7c4f38ae360d9ab99f5fe5c43d4189034d22b9698931e58a5f4
- SSDEEP
  
  1536:p55u555555555pmgSeGDjtQhnwmmB0ybMqqU+2bbbAV2/S2mr3IdE8mne0Avu5rJ:hMSjOnrmBTMqqDL2/mr3IdE8we0Avu5h
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2