gandcrab | a6667dc04d26a414656eacec099feda4f11f5affb1fd61c734cb99de4d2fe113 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-18_1076104f1bdbf769ba86fcdf00cde704_gandcrab
Size

88KB
Sample

240218-cvcx1sdc45
MD5

1076104f1bdbf769ba86fcdf00cde704
SHA1

eda1aee01b9d3780489a4b3563fcf9ed2b4166b5
SHA256

a6667dc04d26a414656eacec099feda4f11f5affb1fd61c734cb99de4d2fe113
SHA512

fe31256a27567ce07bb0163892faf58b00f187be958922642acd668203683bdf3a17c0b32cfcb1e6c00fa097d6a59a3b1043d5f7ccad32c993d9b57ef1c84b03
SSDEEP

1536:VrsWDX9pwpQUMqqU+2bbbAV2/S2mr3IdE8mne0Avu5r++yy7CA7GcIaapavdv:VjDX9pwzMqqDL2/mr3IdE8we0Avu5r+g

Score

10^/10

gandcrab persistence

Malware Config

Extracted

Family

gandcrab

C2

http://gdcbghvjyqy7jclk.onion.top/

Targets

- Target
  
  2024-02-18_1076104f1bdbf769ba86fcdf00cde704_gandcrab
- Size
  
  88KB
- MD5
  
  1076104f1bdbf769ba86fcdf00cde704
- SHA1
  
  eda1aee01b9d3780489a4b3563fcf9ed2b4166b5
- SHA256
  
  a6667dc04d26a414656eacec099feda4f11f5affb1fd61c734cb99de4d2fe113
- SHA512
  
  fe31256a27567ce07bb0163892faf58b00f187be958922642acd668203683bdf3a17c0b32cfcb1e6c00fa097d6a59a3b1043d5f7ccad32c993d9b57ef1c84b03
- SSDEEP
  
  1536:VrsWDX9pwpQUMqqU+2bbbAV2/S2mr3IdE8mne0Avu5r++yy7CA7GcIaapavdv:VjDX9pwzMqqDL2/mr3IdE8we0Avu5r+g
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2