gandcrab | 326f699da0d5ec80c3d122a768e9625f6ca492ae05420325f9551d4663c235fb | Triage

Sharing

General

Target

2025-01-01_8c231ddce8c8d4996dec71a33d45ced3_gandcrab
Size

74KB
Sample

250101-ym23tstmar
MD5

8c231ddce8c8d4996dec71a33d45ced3
SHA1

9525f7b77901b14f886214bf4ce101408ef5cbd7
SHA256

326f699da0d5ec80c3d122a768e9625f6ca492ae05420325f9551d4663c235fb
SHA512

6cfc4b815b54ed8618c4ff0bb37d6e175f53af41e867bb1d5c3b2a86f9a1f80ecf6edf9f13e37606fd11f239c99813276772f2d65c7133b9e5ef49c101193b58
SSDEEP

1536:QZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAwfMqqU+2bbbAV2/S2Lkvdp:+BounVyFHpfMqqDL2/LkvduAAk

Score

10^/10

gandcrab discovery persistence

Malware Config

Targets

- Target
  
  2025-01-01_8c231ddce8c8d4996dec71a33d45ced3_gandcrab
- Size
  
  74KB
- MD5
  
  8c231ddce8c8d4996dec71a33d45ced3
- SHA1
  
  9525f7b77901b14f886214bf4ce101408ef5cbd7
- SHA256
  
  326f699da0d5ec80c3d122a768e9625f6ca492ae05420325f9551d4663c235fb
- SHA512
  
  6cfc4b815b54ed8618c4ff0bb37d6e175f53af41e867bb1d5c3b2a86f9a1f80ecf6edf9f13e37606fd11f239c99813276772f2d65c7133b9e5ef49c101193b58
- SSDEEP
  
  1536:QZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAwfMqqU+2bbbAV2/S2Lkvdp:+BounVyFHpfMqqDL2/LkvduAAk
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence