gandcrab | 2ee522887cb9f77c6fa209358a87c45123d3d38f8c50eedc6f2417dd2eec37de | Triage

Sharing

General

Target

2023-08-25_f703cb659e157d4eb5e6e2ab6eaf690c_gandcrab_JC.exe
Size

73KB
Sample

230915-xj4ltaee61
MD5

f703cb659e157d4eb5e6e2ab6eaf690c
SHA1

b04abc03d2493767b973775d963a94fbe3383af4
SHA256

2ee522887cb9f77c6fa209358a87c45123d3d38f8c50eedc6f2417dd2eec37de
SHA512

5c5347077939649b04cf17edfb67b45ca2bf2651dfe34a2d7c4198b4f11535c37fbfc022912250da37f1be73348417e68935ba2570b6712640302e7d39e880d1
SSDEEP

1536:5gSeGDjtQhnwmmB0yjMqqUM2mr3IdE8mne0Avu5r++yy7CA7GcIaapavdv:5MSjOnrmBbMqqMmr3IdE8we0Avu5r++N

Score

10^/10

gandcrab persistence

Malware Config

Extracted

Family

gandcrab

C2

http://gdcbghvjyqy7jclk.onion.top/

Targets

- Target
  
  2023-08-25_f703cb659e157d4eb5e6e2ab6eaf690c_gandcrab_JC.exe
- Size
  
  73KB
- MD5
  
  f703cb659e157d4eb5e6e2ab6eaf690c
- SHA1
  
  b04abc03d2493767b973775d963a94fbe3383af4
- SHA256
  
  2ee522887cb9f77c6fa209358a87c45123d3d38f8c50eedc6f2417dd2eec37de
- SHA512
  
  5c5347077939649b04cf17edfb67b45ca2bf2651dfe34a2d7c4198b4f11535c37fbfc022912250da37f1be73348417e68935ba2570b6712640302e7d39e880d1
- SSDEEP
  
  1536:5gSeGDjtQhnwmmB0yjMqqUM2mr3IdE8mne0Avu5r++yy7CA7GcIaapavdv:5MSjOnrmBbMqqMmr3IdE8we0Avu5r++N
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2