gandcrab | 913a9e1f6fd1a7c7f30fbe71b284b64152bd4df81b04cea01f4f61cec5dbece1 | Triage

Sharing

General

Target

2024-04-18_b1bd094deea381a4c508f9c968e85b04_gandcrab
Size

88KB
Sample

240418-jtavlafd55
MD5

b1bd094deea381a4c508f9c968e85b04
SHA1

ae90c44d6a107710e1693ee48b86180bf3fd49c8
SHA256

913a9e1f6fd1a7c7f30fbe71b284b64152bd4df81b04cea01f4f61cec5dbece1
SHA512

f57d15560c896977a9be98af72c1ab801649ccf11295623960cc561f17b056535fec01a6eaf5946b830d55f1660271eb261b617a8ea98175cb963f581df520a0
SSDEEP

1536:qrsWDX9pwpQUMqqU+2bbbAV2/S2mr3IdE8mne0Avu5r++yy7CA7GcIaapavdv:qjDX9pwzMqqDL2/mr3IdE8we0Avu5r+g

Score

10^/10

gandcrab persistence

Malware Config

Extracted

Family

gandcrab

C2

http://gdcbghvjyqy7jclk.onion.top/

Targets

- Target
  
  2024-04-18_b1bd094deea381a4c508f9c968e85b04_gandcrab
- Size
  
  88KB
- MD5
  
  b1bd094deea381a4c508f9c968e85b04
- SHA1
  
  ae90c44d6a107710e1693ee48b86180bf3fd49c8
- SHA256
  
  913a9e1f6fd1a7c7f30fbe71b284b64152bd4df81b04cea01f4f61cec5dbece1
- SHA512
  
  f57d15560c896977a9be98af72c1ab801649ccf11295623960cc561f17b056535fec01a6eaf5946b830d55f1660271eb261b617a8ea98175cb963f581df520a0
- SSDEEP
  
  1536:qrsWDX9pwpQUMqqU+2bbbAV2/S2mr3IdE8mne0Avu5r++yy7CA7GcIaapavdv:qjDX9pwzMqqDL2/mr3IdE8we0Avu5r+g
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2