gandcrab | 6c5684cef7f0b5c0c16d48268177faf82b11fb35e698d9b23d28e10ea2f18f14 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

37ed578310c919567528feaa04a456ca_gandcrab_JC.exe
Size

73KB
Sample

230801-wz1pesaf66
MD5

37ed578310c919567528feaa04a456ca
SHA1

b32d9dac7487c768d8af2ca1603af5d7cae6f1a1
SHA256

6c5684cef7f0b5c0c16d48268177faf82b11fb35e698d9b23d28e10ea2f18f14
SHA512

30f7b451e8ef070ecad4ee7466597c090a24c86e1049b750448bd07c0b5b71cadb4e4f7635a1d6ee9e347c18e90f58f1cb0cc42112ead38dab35fa5e25aa938a
SSDEEP

1536:UmgSeGDjtQhnwmmB0yjMqqUM2mr3IdE8mne0Avu5r++yy7CA7GcIaapavdv:PMSjOnrmBbMqqMmr3IdE8we0Avu5r++N

Score

10^/10

gandcrab persistence

Malware Config

Extracted

Family

gandcrab

C2

http://gdcbghvjyqy7jclk.onion.top/

Targets

- Target
  
  37ed578310c919567528feaa04a456ca_gandcrab_JC.exe
- Size
  
  73KB
- MD5
  
  37ed578310c919567528feaa04a456ca
- SHA1
  
  b32d9dac7487c768d8af2ca1603af5d7cae6f1a1
- SHA256
  
  6c5684cef7f0b5c0c16d48268177faf82b11fb35e698d9b23d28e10ea2f18f14
- SHA512
  
  30f7b451e8ef070ecad4ee7466597c090a24c86e1049b750448bd07c0b5b71cadb4e4f7635a1d6ee9e347c18e90f58f1cb0cc42112ead38dab35fa5e25aa938a
- SSDEEP
  
  1536:UmgSeGDjtQhnwmmB0yjMqqUM2mr3IdE8mne0Avu5r++yy7CA7GcIaapavdv:PMSjOnrmBbMqqMmr3IdE8we0Avu5r++N
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2