General

  • Target

    2023-08-25_ee2886e009cbf16384840d7b1255d9b8_gandcrab_JC.exe

  • Size

    73KB

  • Sample

    230915-w1ajmahb58

  • MD5

    ee2886e009cbf16384840d7b1255d9b8

  • SHA1

    c59cbb4a739b51a872223eff867e329545645e1c

  • SHA256

    1cb3e47df0f2cad594c70eb15abbf4cd8053aaf93a542c14dbae05d781b0a4c7

  • SHA512

    a18dad57f4ce0252e51fe9d842f4b4c5a9e0c9565fe7e93179973f0babf746f32dc7ee2037ab0d975cc5965e9105b63f1e797cd54e0392640b1ba162d6cae1dc

  • SSDEEP

    1536:YgSeGDjtQhnwmmB0yjMqqUM2mr3IdE8mne0Avu5r++yy7CA7GcIaapavdv:YMSjOnrmBbMqqMmr3IdE8we0Avu5r++N

Score
10/10

Malware Config

Extracted

Family

gandcrab

C2

http://gdcbghvjyqy7jclk.onion.top/

Targets

    • Target

      2023-08-25_ee2886e009cbf16384840d7b1255d9b8_gandcrab_JC.exe

    Score
    6/10
    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic / Technique (number of matching signatures) Technique ID

  • Persistence

    Boot or Logon Autostart Execution (1) T1547
    Registry Run Keys / Startup Folder (1) T1547.001

  • Privilege Escalation

    Boot or Logon Autostart Execution (1) T1547
    Registry Run Keys / Startup Folder (1) T1547.001

  • Defense Evasion

    Modify Registry (1) T1112

  • Discovery

    Query Registry (2) T1012
    Peripheral Device Discovery (1) T1120
    System Information Discovery (2) T1082