gandcrab | 3473c8aa7025cb4a0644c7e577941fff2f1463afa24707649a4dd202954c9d55 | Triage

Sharing

General

Target

49842c60aba20eed1032daa980655666_gandcrab_JC.exe
Size

73KB
Sample

230819-s5ykgabc76
MD5

49842c60aba20eed1032daa980655666
SHA1

b897591c961d374800eb1f0658c12b2e243435c6
SHA256

3473c8aa7025cb4a0644c7e577941fff2f1463afa24707649a4dd202954c9d55
SHA512

23f57bac49a7ebb40237b3c7e2a0f8d4c0d34969fd4324a13f986bd34ad5bc63b3323d4d19bbac3868088ed773e2c0787d8b82f14a625abc4870cebfa4fffa51
SSDEEP

1536:O555555555555pmgSeGDjtQhnwmmB0ylMqqU+2bbbAV2/S2mr3IdE8mne0Avu5rv:/MSjOnrmBtMqqDL2/mr3IdE8we0Avu5h

Score

10^/10

gandcrab persistence

Malware Config

Extracted

Family

gandcrab

C2

http://gdcbghvjyqy7jclk.onion.top/

Targets

- Target
  
  49842c60aba20eed1032daa980655666_gandcrab_JC.exe
- Size
  
  73KB
- MD5
  
  49842c60aba20eed1032daa980655666
- SHA1
  
  b897591c961d374800eb1f0658c12b2e243435c6
- SHA256
  
  3473c8aa7025cb4a0644c7e577941fff2f1463afa24707649a4dd202954c9d55
- SHA512
  
  23f57bac49a7ebb40237b3c7e2a0f8d4c0d34969fd4324a13f986bd34ad5bc63b3323d4d19bbac3868088ed773e2c0787d8b82f14a625abc4870cebfa4fffa51
- SSDEEP
  
  1536:O555555555555pmgSeGDjtQhnwmmB0ylMqqU+2bbbAV2/S2mr3IdE8mne0Avu5rv:/MSjOnrmBtMqqDL2/mr3IdE8we0Avu5h
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2