gandcrab | c121d616bdde9e1bcadb19740373d501b0bbd15443af58bb8119db33a7da7b0e | Triage

Sharing

General

Target

2025-01-01_28871537b0d0e4683631e48c24a1917f_gandcrab
Size

74KB
Sample

250101-1dlqlavpfw
MD5

28871537b0d0e4683631e48c24a1917f
SHA1

08d2df77fc925d6f59ef4963674530eb5080a74b
SHA256

c121d616bdde9e1bcadb19740373d501b0bbd15443af58bb8119db33a7da7b0e
SHA512

cf38b2efc6c039f020fda75cae54189fd271d9457698c95df7bfce59690a73930228f1213378fb212bb9e9fdab36d433c4819f59d08fbc5c5c0c03066ba831a0
SSDEEP

1536:oZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAwfMqqU+2bbbAV2/S2Lkvdp:mBounVyFHpfMqqDL2/LkvduAAk

Score

10^/10

gandcrab discovery persistence

Malware Config

Targets

- Target
  
  2025-01-01_28871537b0d0e4683631e48c24a1917f_gandcrab
- Size
  
  74KB
- MD5
  
  28871537b0d0e4683631e48c24a1917f
- SHA1
  
  08d2df77fc925d6f59ef4963674530eb5080a74b
- SHA256
  
  c121d616bdde9e1bcadb19740373d501b0bbd15443af58bb8119db33a7da7b0e
- SHA512
  
  cf38b2efc6c039f020fda75cae54189fd271d9457698c95df7bfce59690a73930228f1213378fb212bb9e9fdab36d433c4819f59d08fbc5c5c0c03066ba831a0
- SSDEEP
  
  1536:oZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAwfMqqU+2bbbAV2/S2Lkvdp:mBounVyFHpfMqqDL2/LkvduAAk
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence