gandcrab | 11547a3d94e29e30071c7be683c11d6c99ad9825de81b9bcb355956d554dead6 | Triage

Sharing

General

Target

2024-04-27_24919643540c214323ab51c25098bc4c_gandcrab
Size

74KB
Sample

240427-2b18yahh55
MD5

24919643540c214323ab51c25098bc4c
SHA1

6164d1dd531bd601751875cff3135bcb3af79b91
SHA256

11547a3d94e29e30071c7be683c11d6c99ad9825de81b9bcb355956d554dead6
SHA512

361a0fef6bd094eac83abb403866396ae70cd4284cd320fe19c5acac40e9cfb83315547b9a10b851edbcc8bffa7e325d9e5c63c4de0db01bb8d15e2a0568b3d7
SSDEEP

1536:x55u555555555pmgSeGDjtQhnwmmB0ybMqqU+2bbbAV2/S2mr3IdE8mne0Avu5rS:5MSjOnrmBTMqqDL2/mr3IdE8we0Avu5O

Score

10^/10

gandcrab persistence

Malware Config

Extracted

Family

gandcrab

C2

http://gdcbghvjyqy7jclk.onion.top/

Targets

- Target
  
  2024-04-27_24919643540c214323ab51c25098bc4c_gandcrab
- Size
  
  74KB
- MD5
  
  24919643540c214323ab51c25098bc4c
- SHA1
  
  6164d1dd531bd601751875cff3135bcb3af79b91
- SHA256
  
  11547a3d94e29e30071c7be683c11d6c99ad9825de81b9bcb355956d554dead6
- SHA512
  
  361a0fef6bd094eac83abb403866396ae70cd4284cd320fe19c5acac40e9cfb83315547b9a10b851edbcc8bffa7e325d9e5c63c4de0db01bb8d15e2a0568b3d7
- SSDEEP
  
  1536:x55u555555555pmgSeGDjtQhnwmmB0ybMqqU+2bbbAV2/S2mr3IdE8mne0Avu5rS:5MSjOnrmBTMqqDL2/mr3IdE8we0Avu5O
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2