gandcrab | dcb332d373364c2afa2ab3cad92fa75ec9a95bdb1fb75d25ea3aa25f9f718b01 | Triage

Sharing

General

Target

2023-08-26_02aa943e5187316f29191c0935b45188_gandcrab_JC.exe
Size

73KB
Sample

230916-mj16kscf23
MD5

02aa943e5187316f29191c0935b45188
SHA1

3267e1b01b77c5a9e9a56998b64ee7cd173a4677
SHA256

dcb332d373364c2afa2ab3cad92fa75ec9a95bdb1fb75d25ea3aa25f9f718b01
SHA512

cd963c4a73f0470564affafdb9446eb69dd70a49a41830f1f7b281c4ae9b47eda2aafc816a460c5ca6d4ebebcbf05d167bfefb4321ddf4ef51872646f8403f6a
SSDEEP

1536:zgSeGDjtQhnwmmB0yjMqqUM2mr3IdE8mne0Avu5r++yy7CA7GcIaapavdv:zMSjOnrmBbMqqMmr3IdE8we0Avu5r++N

Score

10^/10

gandcrab persistence

Malware Config

Extracted

Family

gandcrab

C2

http://gdcbghvjyqy7jclk.onion.top/

Targets

- Target
  
  2023-08-26_02aa943e5187316f29191c0935b45188_gandcrab_JC.exe
- Size
  
  73KB
- MD5
  
  02aa943e5187316f29191c0935b45188
- SHA1
  
  3267e1b01b77c5a9e9a56998b64ee7cd173a4677
- SHA256
  
  dcb332d373364c2afa2ab3cad92fa75ec9a95bdb1fb75d25ea3aa25f9f718b01
- SHA512
  
  cd963c4a73f0470564affafdb9446eb69dd70a49a41830f1f7b281c4ae9b47eda2aafc816a460c5ca6d4ebebcbf05d167bfefb4321ddf4ef51872646f8403f6a
- SSDEEP
  
  1536:zgSeGDjtQhnwmmB0yjMqqUM2mr3IdE8mne0Avu5r++yy7CA7GcIaapavdv:zMSjOnrmBbMqqMmr3IdE8we0Avu5r++N
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2