gandcrab | 50b5bd4672085abe7832506ceadd57e4ebeb0340518ffab2c6d7c8f01972c4e5 | Triage

Sharing

General

Target

2025-01-05_d8670ee8ff9fa99bbcb7b442a06d23e9_gandcrab
Size

88KB
Sample

250105-czktes1jcn
MD5

d8670ee8ff9fa99bbcb7b442a06d23e9
SHA1

b36381acefe5a78caa7535394867cffb10d78084
SHA256

50b5bd4672085abe7832506ceadd57e4ebeb0340518ffab2c6d7c8f01972c4e5
SHA512

d53b91ecec6ce289b8903d0c3a9424f4170dc268ca78e864626c5253e52206e6d45a6f20519e6b0b0cf3d4d09690139069351f54259f41d854b438efa3bdc706
SSDEEP

1536:rbbbbbbbb7JPbnCIl1Y5VNdvgQQ3MqqUM2Lkvd6:pzCIlY/dTQ3MqqMLkvd

Score

10^/10

gandcrab discovery persistence

Malware Config

Targets

- Target
  
  2025-01-05_d8670ee8ff9fa99bbcb7b442a06d23e9_gandcrab
- Size
  
  88KB
- MD5
  
  d8670ee8ff9fa99bbcb7b442a06d23e9
- SHA1
  
  b36381acefe5a78caa7535394867cffb10d78084
- SHA256
  
  50b5bd4672085abe7832506ceadd57e4ebeb0340518ffab2c6d7c8f01972c4e5
- SHA512
  
  d53b91ecec6ce289b8903d0c3a9424f4170dc268ca78e864626c5253e52206e6d45a6f20519e6b0b0cf3d4d09690139069351f54259f41d854b438efa3bdc706
- SSDEEP
  
  1536:rbbbbbbbb7JPbnCIl1Y5VNdvgQQ3MqqUM2Lkvd6:pzCIlY/dTQ3MqqMLkvd
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence