gandcrab | 1ef66e37edd072ae8e323f4a2e00b83859d22fa0485c7adef792a214acdbc953 | Triage

Sharing

General

Target

8ca5503f5df837f817e40111d3c526bf_gandcrab_JC.exe
Size

73KB
Sample

230824-yg9kqagh9z
MD5

8ca5503f5df837f817e40111d3c526bf
SHA1

36ac4b3243cec33c0e9a35aeb6417184de813b4b
SHA256

1ef66e37edd072ae8e323f4a2e00b83859d22fa0485c7adef792a214acdbc953
SHA512

1c84662971737f296a43f739dc54dc0acf509b67cedc4cb2be0fb99aa367f491add9693a6563ff8a5bcbfeff69c294e102e14855e163e87eadd026796e5166da
SSDEEP

1536:T555555555555pmgSeGDjtQhnwmmB0ywMqqU+2bbbAV2/S2mr3IdE8mne0Avu5r:UMSjOnrmB4MqqDL2/mr3IdE8we0Avu5h

Score

10^/10

gandcrab persistence

Malware Config

Extracted

Family

gandcrab

C2

http://gdcbghvjyqy7jclk.onion.top/

Targets

- Target
  
  8ca5503f5df837f817e40111d3c526bf_gandcrab_JC.exe
- Size
  
  73KB
- MD5
  
  8ca5503f5df837f817e40111d3c526bf
- SHA1
  
  36ac4b3243cec33c0e9a35aeb6417184de813b4b
- SHA256
  
  1ef66e37edd072ae8e323f4a2e00b83859d22fa0485c7adef792a214acdbc953
- SHA512
  
  1c84662971737f296a43f739dc54dc0acf509b67cedc4cb2be0fb99aa367f491add9693a6563ff8a5bcbfeff69c294e102e14855e163e87eadd026796e5166da
- SSDEEP
  
  1536:T555555555555pmgSeGDjtQhnwmmB0ywMqqU+2bbbAV2/S2mr3IdE8mne0Avu5r:UMSjOnrmB4MqqDL2/mr3IdE8we0Avu5h
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2