gandcrab | f5af4b613f763c5140a4c0450d7d68e6f8bcfbc26efd9a3c3674eabaf6d7c602 | Triage

Sharing

General

Target

2025-01-23_01f43ff5edc1853bceb00cbe9e92fc63_gandcrab
Size

70KB
Sample

250123-ctt5xaymal
MD5

01f43ff5edc1853bceb00cbe9e92fc63
SHA1

fa195f81ff23d8ab563ca2cd02480509d5ef060e
SHA256

f5af4b613f763c5140a4c0450d7d68e6f8bcfbc26efd9a3c3674eabaf6d7c602
SHA512

79c1ca70dd0234b44bc89654edb0532d2e5b3ca0637f0e23da74f7c1a1bbd70c05c76e506eeb89c308fa1816aa2bcd2fa3172ecde4809ca8278da8953a0d134f
SSDEEP

1536:FZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:0d5BJHMqqDL2/Ovvdr

Score

10^/10

gandcrab discovery persistence

Malware Config

Targets

- Target
  
  2025-01-23_01f43ff5edc1853bceb00cbe9e92fc63_gandcrab
- Size
  
  70KB
- MD5
  
  01f43ff5edc1853bceb00cbe9e92fc63
- SHA1
  
  fa195f81ff23d8ab563ca2cd02480509d5ef060e
- SHA256
  
  f5af4b613f763c5140a4c0450d7d68e6f8bcfbc26efd9a3c3674eabaf6d7c602
- SHA512
  
  79c1ca70dd0234b44bc89654edb0532d2e5b3ca0637f0e23da74f7c1a1bbd70c05c76e506eeb89c308fa1816aa2bcd2fa3172ecde4809ca8278da8953a0d134f
- SSDEEP
  
  1536:FZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:0d5BJHMqqDL2/Ovvdr
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence