gandcrab | 1af58ea647082137e0e76a0e879fc3052afd351193d6a3962706499474e63591 | Triage

Sharing

General

Target

2025-01-23_0b154247d3fcf1c6a2f4e72c143e5ff3_gandcrab
Size

70KB
Sample

250123-ngm2lsyjct
MD5

0b154247d3fcf1c6a2f4e72c143e5ff3
SHA1

e70ac9d1f0c2e1f334c8e7d1713aab4dfaabc155
SHA256

1af58ea647082137e0e76a0e879fc3052afd351193d6a3962706499474e63591
SHA512

401aa0e439ae4aeeed95a3caac177e2c8e1749d5f82164faa9ddaa8397f2a74e4d0eda8fb451489be29a406642ef0f9ac3eeeb173aa1dbf927f16c02fe2d564b
SSDEEP

1536:jzzzzzzzzADypczUk+lkZJWMqqUM2Ovvd67:cd5BJWMqqMOvvd

Score

10^/10

gandcrab discovery persistence

Malware Config

Targets

- Target
  
  2025-01-23_0b154247d3fcf1c6a2f4e72c143e5ff3_gandcrab
- Size
  
  70KB
- MD5
  
  0b154247d3fcf1c6a2f4e72c143e5ff3
- SHA1
  
  e70ac9d1f0c2e1f334c8e7d1713aab4dfaabc155
- SHA256
  
  1af58ea647082137e0e76a0e879fc3052afd351193d6a3962706499474e63591
- SHA512
  
  401aa0e439ae4aeeed95a3caac177e2c8e1749d5f82164faa9ddaa8397f2a74e4d0eda8fb451489be29a406642ef0f9ac3eeeb173aa1dbf927f16c02fe2d564b
- SSDEEP
  
  1536:jzzzzzzzzADypczUk+lkZJWMqqUM2Ovvd67:cd5BJWMqqMOvvd
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence