gandcrab | b8583b1681df697b9c21bba3ed6eab822105ad66243215dc0eb81c3d42077442 | Triage

Sharing

General

Target

2025-01-23_0c48200113891a73f89ab7c96f2fd522_gandcrab
Size

69KB
Sample

250123-mfwrpaxmdl
MD5

0c48200113891a73f89ab7c96f2fd522
SHA1

8834fbb03b1cc12c4e83c73a77b68437dc7b97de
SHA256

b8583b1681df697b9c21bba3ed6eab822105ad66243215dc0eb81c3d42077442
SHA512

059ba173de3394108f54244142356a4094d3dc343df861e604788d93a7e6ea9ceace8bded686b5d9a87d8240a4387d933007f513408898ae84520c944d3248ae
SSDEEP

1536:nZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAwfMqqU+2bbbAV2/S2Lkvd9:vBounVyFHpfMqqDL2/Lkvd

Score

10^/10

gandcrab discovery persistence

Malware Config

Targets

- Target
  
  2025-01-23_0c48200113891a73f89ab7c96f2fd522_gandcrab
- Size
  
  69KB
- MD5
  
  0c48200113891a73f89ab7c96f2fd522
- SHA1
  
  8834fbb03b1cc12c4e83c73a77b68437dc7b97de
- SHA256
  
  b8583b1681df697b9c21bba3ed6eab822105ad66243215dc0eb81c3d42077442
- SHA512
  
  059ba173de3394108f54244142356a4094d3dc343df861e604788d93a7e6ea9ceace8bded686b5d9a87d8240a4387d933007f513408898ae84520c944d3248ae
- SSDEEP
  
  1536:nZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAwfMqqU+2bbbAV2/S2Lkvd9:vBounVyFHpfMqqDL2/Lkvd
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence