gandcrab | 260172c3f585ec0fa0a8454cb1d318eb9748e1b6652c3a3cb1076009398bc4be | Triage

Sharing

General

Target

2025-01-22_061434105c7bdd8b9ad322f68d8b61e4_gandcrab
Size

70KB
Sample

250122-w2yb3sypbs
MD5

061434105c7bdd8b9ad322f68d8b61e4
SHA1

2034fad127f0c3c061b09d9098717013a6b3060c
SHA256

260172c3f585ec0fa0a8454cb1d318eb9748e1b6652c3a3cb1076009398bc4be
SHA512

88b48b70e9214c47471bf2c9a106297d1b09238f0a1f30b317854a58754ff3c3ed26688ad894cff5682a943b9549b7011309f6abf0bab30ffc8b82b639b1771d
SSDEEP

1536:8ZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:Dd5BJHMqqDL2/Ovvdr

Score

10^/10

gandcrab discovery persistence

Malware Config

Targets

- Target
  
  2025-01-22_061434105c7bdd8b9ad322f68d8b61e4_gandcrab
- Size
  
  70KB
- MD5
  
  061434105c7bdd8b9ad322f68d8b61e4
- SHA1
  
  2034fad127f0c3c061b09d9098717013a6b3060c
- SHA256
  
  260172c3f585ec0fa0a8454cb1d318eb9748e1b6652c3a3cb1076009398bc4be
- SHA512
  
  88b48b70e9214c47471bf2c9a106297d1b09238f0a1f30b317854a58754ff3c3ed26688ad894cff5682a943b9549b7011309f6abf0bab30ffc8b82b639b1771d
- SSDEEP
  
  1536:8ZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:Dd5BJHMqqDL2/Ovvdr
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence