gandcrab | a0837dff32501a8cc5db0428215f76566da9cf8b0cb7ef337a86a9d0d208341a | Triage

Sharing

General

Target

97d5f70be1dd90dcf07f3f9721d8a714.bin
Size

73KB
Sample

240225-dd92vsad54
MD5

97d5f70be1dd90dcf07f3f9721d8a714
SHA1

b5a01b515c2e09e352803c96be2e9d7c3a9dab48
SHA256

a0837dff32501a8cc5db0428215f76566da9cf8b0cb7ef337a86a9d0d208341a
SHA512

d245bcf9e7c576383701215f7eea37b72b0ac2ef705711e097c3b6c68a5e50803b82fe057beec30b0e58b9e8997f14b7580dfc377a204026f94157cd60c3cd41
SSDEEP

1536:q555555555555pmgSeGDjtQhnwmmB0yJMqqU+2bbbAV2/S2mr3IdE8mne0Avu5ry:bMSjOnrmBxMqqDL2/mr3IdE8we0Avu5h

Score

10^/10

gandcrab persistence

Malware Config

Extracted

Family

gandcrab

C2

http://gdcbghvjyqy7jclk.onion.top/

Targets

- Target
  
  97d5f70be1dd90dcf07f3f9721d8a714.bin
- Size
  
  73KB
- MD5
  
  97d5f70be1dd90dcf07f3f9721d8a714
- SHA1
  
  b5a01b515c2e09e352803c96be2e9d7c3a9dab48
- SHA256
  
  a0837dff32501a8cc5db0428215f76566da9cf8b0cb7ef337a86a9d0d208341a
- SHA512
  
  d245bcf9e7c576383701215f7eea37b72b0ac2ef705711e097c3b6c68a5e50803b82fe057beec30b0e58b9e8997f14b7580dfc377a204026f94157cd60c3cd41
- SSDEEP
  
  1536:q555555555555pmgSeGDjtQhnwmmB0yJMqqU+2bbbAV2/S2mr3IdE8mne0Avu5ry:bMSjOnrmBxMqqDL2/mr3IdE8we0Avu5h
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2