Overview

overview

10

Static

static

10

2025-01-03...ab.exe

windows7-x64

6

2025-01-03...ab.exe

windows10-2004-x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-01-03_4cbfabcf886ea5e328eb13949884b945_gandcrab

  • Size

    346KB

  • Sample

    250103-le6d3azmdr

  • MD5

    4cbfabcf886ea5e328eb13949884b945

  • SHA1

    a734de15e7e84ff6164431b7d96644d621010537

  • SHA256

    ce63725f479ad5f8877b430583a47a1fe0eb8a58798b9eead2b6d4e6c99861fc

  • SHA512

    be4c23dbe7e8fbb3238858a46651ba814bbd5b24c7abafcfa62fd30ce8440d407801786930c78ec8312d3794af55f7a938954caf589d5d2b619a0c1e6d255b10

  • SSDEEP

    3072:NMSjOnrmBxMqqDL2/mr3IdE8we0Avu5r++ygLIaagvdMEa83Rg0EkmlB1yihDNC+:NXjOnr6aqqDL64vdyQmIihDNCwQIPP

Score
10/10
gandcrabdiscoverypersistence

Malware Config

Extracted

Family

gandcrab

C2

http://gdcbghvjyqy7jclk.onion.top/

Targets

    • Target

      2025-01-03_4cbfabcf886ea5e328eb13949884b945_gandcrab

    • Size

      346KB

    • MD5

      4cbfabcf886ea5e328eb13949884b945

    • SHA1

      a734de15e7e84ff6164431b7d96644d621010537

    • SHA256

      ce63725f479ad5f8877b430583a47a1fe0eb8a58798b9eead2b6d4e6c99861fc

    • SHA512

      be4c23dbe7e8fbb3238858a46651ba814bbd5b24c7abafcfa62fd30ce8440d407801786930c78ec8312d3794af55f7a938954caf589d5d2b619a0c1e6d255b10

    • SSDEEP

      3072:NMSjOnrmBxMqqDL2/mr3IdE8we0Avu5r++ygLIaagvdMEa83Rg0EkmlB1yihDNC+:NXjOnr6aqqDL64vdyQmIihDNCwQIPP

    Score
    6/10
    discoverypersistence

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks