gandcrab | 384652d1a1d2ee0a022ab156b3e209c5d010b4c097bffd81c9a2c8f39788085f | Triage

Sharing

General

Target

2024-04-18_0d03d6d3ba7459f1d0e09e8445d7dbcb_gandcrab
Size

88KB
Sample

240418-h97ntseg36
MD5

0d03d6d3ba7459f1d0e09e8445d7dbcb
SHA1

75d8e8c49b0c311f139efd974bed27abe68f8bed
SHA256

384652d1a1d2ee0a022ab156b3e209c5d010b4c097bffd81c9a2c8f39788085f
SHA512

9826c3ef24758b0e061d71c492882521d8d4953867a4beb2d392920ff1d52556e49663571bdb1556f47c3c05a229790292cc14637864787794ffe72626763852
SSDEEP

1536:drsWDX9pwpQUMqqU+2bbbAV2/S2mr3IdE8mne0Avu5r++yy7CA7GcIaapavdv:djDX9pwzMqqDL2/mr3IdE8we0Avu5r+g

Score

10^/10

gandcrab persistence

Malware Config

Extracted

Family

gandcrab

C2

http://gdcbghvjyqy7jclk.onion.top/

Targets

- Target
  
  2024-04-18_0d03d6d3ba7459f1d0e09e8445d7dbcb_gandcrab
- Size
  
  88KB
- MD5
  
  0d03d6d3ba7459f1d0e09e8445d7dbcb
- SHA1
  
  75d8e8c49b0c311f139efd974bed27abe68f8bed
- SHA256
  
  384652d1a1d2ee0a022ab156b3e209c5d010b4c097bffd81c9a2c8f39788085f
- SHA512
  
  9826c3ef24758b0e061d71c492882521d8d4953867a4beb2d392920ff1d52556e49663571bdb1556f47c3c05a229790292cc14637864787794ffe72626763852
- SSDEEP
  
  1536:drsWDX9pwpQUMqqU+2bbbAV2/S2mr3IdE8mne0Avu5r++yy7CA7GcIaapavdv:djDX9pwzMqqDL2/mr3IdE8we0Avu5r+g
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2