gandcrab | 1b7aec766c72db2bba49f5e8854c5619d9ad0372d1a6d65842538f7de8878fb3 | Triage

Sharing

General

Target

2025-01-07_b2da4342ded63ec02199d6dd54c46e0d_gandcrab
Size

573KB
Sample

250107-lfsvcsvmd1
MD5

b2da4342ded63ec02199d6dd54c46e0d
SHA1

ec7e8f849061d083ee23915e1b4974dee5528a2b
SHA256

1b7aec766c72db2bba49f5e8854c5619d9ad0372d1a6d65842538f7de8878fb3
SHA512

bb85bb9d7f995098e1c3ec63c8b5c1fb3c184679fec78d82ad3fc6ea53295fa9764ef07dbfd2d743416c32cc9fb3f3a29a007b79564fc8464b04980ced87b384
SSDEEP

12288:sTOneqn6cDKWqQqkd1BtOkodxduog/TXJa/x82IErOJs:w1+6cDKWNGuog/TXJmxO

Score

10^/10

gandcrab discovery persistence

Malware Config

Extracted

Family

gandcrab

C2

http://gdcbghvjyqy7jclk.onion.top/

Targets

- Target
  
  2025-01-07_b2da4342ded63ec02199d6dd54c46e0d_gandcrab
- Size
  
  573KB
- MD5
  
  b2da4342ded63ec02199d6dd54c46e0d
- SHA1
  
  ec7e8f849061d083ee23915e1b4974dee5528a2b
- SHA256
  
  1b7aec766c72db2bba49f5e8854c5619d9ad0372d1a6d65842538f7de8878fb3
- SHA512
  
  bb85bb9d7f995098e1c3ec63c8b5c1fb3c184679fec78d82ad3fc6ea53295fa9764ef07dbfd2d743416c32cc9fb3f3a29a007b79564fc8464b04980ced87b384
- SSDEEP
  
  12288:sTOneqn6cDKWqQqkd1BtOkodxduog/TXJa/x82IErOJs:w1+6cDKWNGuog/TXJmxO
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence