gandcrab | 4a8824ec631155b422eae4ef6db4b723e1a5818c68128e6a2f5011bd4d9dc96b | Triage

Sharing

General

Target

2024-04-18_4d7be77a6655b65d55dddb035b3dca74_gandcrab
Size

88KB
Sample

240418-jfkgwagc8v
MD5

4d7be77a6655b65d55dddb035b3dca74
SHA1

693b587f4cd59a34c85069f60d376c12d13cb5bb
SHA256

4a8824ec631155b422eae4ef6db4b723e1a5818c68128e6a2f5011bd4d9dc96b
SHA512

2773784c96aaac3dfee7883aebec445647c736b8f0e8dfda94e395ee9c3dcf45d2bcc270eaa8967a4338aec82c7a1baadebefabd3186d6480678a2926bc617f2
SSDEEP

1536:QrsWDX9pwpQUMqqU+2bbbAV2/S2mr3IdE8mne0Avu5r++yy7CA7GcIaapavdv:QjDX9pwzMqqDL2/mr3IdE8we0Avu5r+g

Score

10^/10

gandcrab persistence

Malware Config

Extracted

Family

gandcrab

C2

http://gdcbghvjyqy7jclk.onion.top/

Targets

- Target
  
  2024-04-18_4d7be77a6655b65d55dddb035b3dca74_gandcrab
- Size
  
  88KB
- MD5
  
  4d7be77a6655b65d55dddb035b3dca74
- SHA1
  
  693b587f4cd59a34c85069f60d376c12d13cb5bb
- SHA256
  
  4a8824ec631155b422eae4ef6db4b723e1a5818c68128e6a2f5011bd4d9dc96b
- SHA512
  
  2773784c96aaac3dfee7883aebec445647c736b8f0e8dfda94e395ee9c3dcf45d2bcc270eaa8967a4338aec82c7a1baadebefabd3186d6480678a2926bc617f2
- SSDEEP
  
  1536:QrsWDX9pwpQUMqqU+2bbbAV2/S2mr3IdE8mne0Avu5r++yy7CA7GcIaapavdv:QjDX9pwzMqqDL2/mr3IdE8we0Avu5r+g
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2