gandcrab | 16fd7f1030c82906c048f067838f2e7b2e038422b0f55425e91e147950a8fc28 | Triage

Sharing

General

Target

2025-01-23_12f5bc5644933f85dc64a913087247f6_gandcrab
Size

70KB
Sample

250123-aqj5essrbw
MD5

12f5bc5644933f85dc64a913087247f6
SHA1

04e6ebe04ff9a51147da4fd1c7b26dbc2e3b5e7e
SHA256

16fd7f1030c82906c048f067838f2e7b2e038422b0f55425e91e147950a8fc28
SHA512

7c06db37edefc84330646d7a62978e45ae66d70e60acfc782e1b6899eae4d2e89046fd5f08d593b022a40f9a2e268586c3072fa80ac6ed1d398c480b974cb103
SSDEEP

1536:vZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZM:Gd5BJHMqqDL2/Ovvdr+

Score

10^/10

gandcrab discovery persistence

Malware Config

Targets

- Target
  
  2025-01-23_12f5bc5644933f85dc64a913087247f6_gandcrab
- Size
  
  70KB
- MD5
  
  12f5bc5644933f85dc64a913087247f6
- SHA1
  
  04e6ebe04ff9a51147da4fd1c7b26dbc2e3b5e7e
- SHA256
  
  16fd7f1030c82906c048f067838f2e7b2e038422b0f55425e91e147950a8fc28
- SHA512
  
  7c06db37edefc84330646d7a62978e45ae66d70e60acfc782e1b6899eae4d2e89046fd5f08d593b022a40f9a2e268586c3072fa80ac6ed1d398c480b974cb103
- SSDEEP
  
  1536:vZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZM:Gd5BJHMqqDL2/Ovvdr+
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence