gandcrab | 0524336160fbf911ada6a48f262f01f1aa1ad2beaa04813cf40fbbbbae5e5e04 | Triage

Sharing

General

Target

2024-04-18_76de813fdd508a1d6cd26049b41f613b_gandcrab
Size

88KB
Sample

240418-jklkqsge2w
MD5

76de813fdd508a1d6cd26049b41f613b
SHA1

e3be07a73c4339a003cdc626bf6dc570e55fc374
SHA256

0524336160fbf911ada6a48f262f01f1aa1ad2beaa04813cf40fbbbbae5e5e04
SHA512

2bf33abcd53ec9513ef7781ae785cc65067543575a7cc735c7e31c3747a13c217802ad2c30483ec60a063acf24cd5efb1bdd30093b29e1fb51039c1af5211411
SSDEEP

1536:8rsWDX9pwpQUMqqU+2bbbAV2/S2mr3IdE8mne0Avu5r++yy7CA7GcIaapavdv:8jDX9pwzMqqDL2/mr3IdE8we0Avu5r+g

Score

10^/10

gandcrab persistence

Malware Config

Extracted

Family

gandcrab

C2

http://gdcbghvjyqy7jclk.onion.top/

Targets

- Target
  
  2024-04-18_76de813fdd508a1d6cd26049b41f613b_gandcrab
- Size
  
  88KB
- MD5
  
  76de813fdd508a1d6cd26049b41f613b
- SHA1
  
  e3be07a73c4339a003cdc626bf6dc570e55fc374
- SHA256
  
  0524336160fbf911ada6a48f262f01f1aa1ad2beaa04813cf40fbbbbae5e5e04
- SHA512
  
  2bf33abcd53ec9513ef7781ae785cc65067543575a7cc735c7e31c3747a13c217802ad2c30483ec60a063acf24cd5efb1bdd30093b29e1fb51039c1af5211411
- SSDEEP
  
  1536:8rsWDX9pwpQUMqqU+2bbbAV2/S2mr3IdE8mne0Avu5r++yy7CA7GcIaapavdv:8jDX9pwzMqqDL2/mr3IdE8we0Avu5r+g
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2