gandcrab | 0b5229d516f2f09e8b7decda3568aeb73f7244119a91b901e9ecc6ea251b1c9e | Triage

Sharing

General

Target

2025-01-05_7d18ba177ac0caeffd32485a72ad00ef_gandcrab
Size

88KB
Sample

250105-g7rn6avpfw
MD5

7d18ba177ac0caeffd32485a72ad00ef
SHA1

25d9b271fe17f43505c6939f2e48697f916e1110
SHA256

0b5229d516f2f09e8b7decda3568aeb73f7244119a91b901e9ecc6ea251b1c9e
SHA512

a78bd82454c3672d3e2f2b44f34d3899961ddbc5e76fa015ccbb507860ab9bec69ae4f0222c3ed2bb21503f6e48c3209134bc769c693a8db61f6b4f9aed557a0
SSDEEP

1536:tbbbbbbbb7JPbnCIl1Y5VNdvgQQ3MqqUM2Lkvd6:zzCIlY/dTQ3MqqMLkvd

Score

10^/10

gandcrab discovery persistence

Malware Config

Targets

- Target
  
  2025-01-05_7d18ba177ac0caeffd32485a72ad00ef_gandcrab
- Size
  
  88KB
- MD5
  
  7d18ba177ac0caeffd32485a72ad00ef
- SHA1
  
  25d9b271fe17f43505c6939f2e48697f916e1110
- SHA256
  
  0b5229d516f2f09e8b7decda3568aeb73f7244119a91b901e9ecc6ea251b1c9e
- SHA512
  
  a78bd82454c3672d3e2f2b44f34d3899961ddbc5e76fa015ccbb507860ab9bec69ae4f0222c3ed2bb21503f6e48c3209134bc769c693a8db61f6b4f9aed557a0
- SSDEEP
  
  1536:tbbbbbbbb7JPbnCIl1Y5VNdvgQQ3MqqUM2Lkvd6:zzCIlY/dTQ3MqqMLkvd
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence