gandcrab | 66baea97d453141a4ed5f7d8f9f8a91b23022ac6f0a7cd7e4bd6d15bebae6a78 | Triage

Sharing

General

Target

2024-04-19_3206ea7af0c0b57e0ab6810beb9f8d8d_gandcrab
Size

83KB
Sample

240419-d7pm1sgf5t
MD5

3206ea7af0c0b57e0ab6810beb9f8d8d
SHA1

2d0ccd8d3efa8d6a1a9a22a51dbcc6c624a1bccc
SHA256

66baea97d453141a4ed5f7d8f9f8a91b23022ac6f0a7cd7e4bd6d15bebae6a78
SHA512

c72b6cf93a50b167ba1f38977bce24eaa5cadd03defd066393bded8431d6cc60a8813bcf793f9c25734037d08b2cabc7fe5eb3654673dd50865754d98183ee50
SSDEEP

1536:b55u555555555pmgSeGDjtQhnwmmB0ybMqqU+2bbbAV2/S2mr3IdE8mne0Avu5r5:nMSjOnrmBTMqqDL2/mr3IdE8we0Avu5l

Score

10^/10

gandcrab persistence

Malware Config

Extracted

Family

gandcrab

C2

http://gdcbghvjyqy7jclk.onion.top/

Targets

- Target
  
  2024-04-19_3206ea7af0c0b57e0ab6810beb9f8d8d_gandcrab
- Size
  
  83KB
- MD5
  
  3206ea7af0c0b57e0ab6810beb9f8d8d
- SHA1
  
  2d0ccd8d3efa8d6a1a9a22a51dbcc6c624a1bccc
- SHA256
  
  66baea97d453141a4ed5f7d8f9f8a91b23022ac6f0a7cd7e4bd6d15bebae6a78
- SHA512
  
  c72b6cf93a50b167ba1f38977bce24eaa5cadd03defd066393bded8431d6cc60a8813bcf793f9c25734037d08b2cabc7fe5eb3654673dd50865754d98183ee50
- SSDEEP
  
  1536:b55u555555555pmgSeGDjtQhnwmmB0ybMqqU+2bbbAV2/S2mr3IdE8mne0Avu5r5:nMSjOnrmBTMqqDL2/mr3IdE8we0Avu5l
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2