gandcrab | 559c97e8732a624ec9a3b81af7224a53f1db66065f5e888fc41e0a8aecede98f | Triage

Sharing

General

Target

2025-01-23_02632ba78cc84e0a4d4019f773e68ad5_gandcrab
Size

69KB
Sample

250123-dxwzca1kcl
MD5

02632ba78cc84e0a4d4019f773e68ad5
SHA1

0721e86ad5a977d08b4a4b189b1131db103357a6
SHA256

559c97e8732a624ec9a3b81af7224a53f1db66065f5e888fc41e0a8aecede98f
SHA512

542ba408d80f100142e00aa1ebee28e18bacaf3824249d733e3b0e7470b02cc2794250cbbb8f5c0b7ffd0d4d866ed23e685b1e5e729e50490f84cca8c3179154
SSDEEP

1536:TZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAwfMqqU+2bbbAV2/S2Lkvd9:jBounVyFHpfMqqDL2/Lkvd

Score

10^/10

gandcrab discovery persistence

Malware Config

Targets

- Target
  
  2025-01-23_02632ba78cc84e0a4d4019f773e68ad5_gandcrab
- Size
  
  69KB
- MD5
  
  02632ba78cc84e0a4d4019f773e68ad5
- SHA1
  
  0721e86ad5a977d08b4a4b189b1131db103357a6
- SHA256
  
  559c97e8732a624ec9a3b81af7224a53f1db66065f5e888fc41e0a8aecede98f
- SHA512
  
  542ba408d80f100142e00aa1ebee28e18bacaf3824249d733e3b0e7470b02cc2794250cbbb8f5c0b7ffd0d4d866ed23e685b1e5e729e50490f84cca8c3179154
- SSDEEP
  
  1536:TZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAwfMqqU+2bbbAV2/S2Lkvd9:jBounVyFHpfMqqDL2/Lkvd
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence