General

  • Target

    2024-06-15_d4db544fa0949e4cc2e0f95fd3682195_gandcrab

  • Size

    109KB

  • Sample

    240615-qjnr2awbkr

  • MD5

    d4db544fa0949e4cc2e0f95fd3682195

  • SHA1

    6970bc317c02145c3a094b8f8f7992327f4ead73

  • SHA256

    6b13ad5a77aad12170346f53236c947e0de40ae8f22dd506b65f57c7d0b30eda

  • SHA512

    ae267d952e0b7dd0daf261c551c0f9feb4785e64e935753e0f628e7873486d8efc21c989c161a8dcc7adc9c081bfa094f533708d8004c68d17007f113de2e7b1

  • SSDEEP

    3072:mMSjOnrmBIMqqDL2/mr3IdE8we0Avu5r++ygLIaaypQ8CrS6C:mXjOnr6jqqDL6aprYS6C

Malware Config

Extracted

Family

gandcrab

C2

http://gdcbghvjyqy7jclk.onion.top/

Targets

    • Target

      2024-06-15_d4db544fa0949e4cc2e0f95fd3682195_gandcrab

    • Size

      109KB

    • MD5

      d4db544fa0949e4cc2e0f95fd3682195

    • SHA1

      6970bc317c02145c3a094b8f8f7992327f4ead73

    • SHA256

      6b13ad5a77aad12170346f53236c947e0de40ae8f22dd506b65f57c7d0b30eda

    • SHA512

      ae267d952e0b7dd0daf261c551c0f9feb4785e64e935753e0f628e7873486d8efc21c989c161a8dcc7adc9c081bfa094f533708d8004c68d17007f113de2e7b1

    • SSDEEP

      3072:mMSjOnrmBIMqqDL2/mr3IdE8we0Avu5r++ygLIaaypQ8CrS6C:mXjOnr6jqqDL6aprYS6C

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects ransomware indicator

    • Gandcrab Payload

    • UPX dump on OEP (original entry point)

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix ATT&CK v13

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Tasks