gandcrab | 42fbf708555b08511605ede718fd84bca871287ef61f201e81aa8251805e2112 | Triage

Sharing

General

Target

2023-08-25_f367ac1f39b9acb546e742cfc3de6396_gandcrab_JC.exe
Size

73KB
Sample

230915-xcap6aed9y
MD5

f367ac1f39b9acb546e742cfc3de6396
SHA1

a348fb4ae2399dcce74a95327c9171fb144e88bb
SHA256

42fbf708555b08511605ede718fd84bca871287ef61f201e81aa8251805e2112
SHA512

554e3579bee7813e529a301594df558841f4de2d277b0ef1ad57745aef8b049c38bd368e3b34859f83900a37b39a40009b08d5b3ee03f8c3b9e10f93556c4c4e
SSDEEP

1536:y55u555555555pmgSeGDjtQhnwmmB0ybMqqU+2bbbAV2/S2mr3IdE8mne0Avu5rJ:IMSjOnrmBTMqqDL2/mr3IdE8we0Avu5h

Score

10^/10

gandcrab persistence

Malware Config

Extracted

Family

gandcrab

C2

http://gdcbghvjyqy7jclk.onion.top/

Targets

- Target
  
  2023-08-25_f367ac1f39b9acb546e742cfc3de6396_gandcrab_JC.exe
- Size
  
  73KB
- MD5
  
  f367ac1f39b9acb546e742cfc3de6396
- SHA1
  
  a348fb4ae2399dcce74a95327c9171fb144e88bb
- SHA256
  
  42fbf708555b08511605ede718fd84bca871287ef61f201e81aa8251805e2112
- SHA512
  
  554e3579bee7813e529a301594df558841f4de2d277b0ef1ad57745aef8b049c38bd368e3b34859f83900a37b39a40009b08d5b3ee03f8c3b9e10f93556c4c4e
- SSDEEP
  
  1536:y55u555555555pmgSeGDjtQhnwmmB0ybMqqU+2bbbAV2/S2mr3IdE8mne0Avu5rJ:IMSjOnrmBTMqqDL2/mr3IdE8we0Avu5h
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2