gandcrab | dc54398491b9782a25c5a4f7295162b2679221e6eb0000223def7996459bff19 | Triage

Sharing

General

Target

2025-01-23_0ec5ed156e0602001d0161318e2b5fd2_gandcrab
Size

70KB
Sample

250123-qmj81s1ldy
MD5

0ec5ed156e0602001d0161318e2b5fd2
SHA1

bffbf72bd68a4ed09a5f24cc87b2745089e5cac1
SHA256

dc54398491b9782a25c5a4f7295162b2679221e6eb0000223def7996459bff19
SHA512

6af2d8249b54c0c8e2e51e3e8f88ee3c8831e3c44411723313d6b71dcb3cd0b67f29af96e72ef9c6fc8c6c20c61a46834081638ba1d0549ff91a5fd8ddf96850
SSDEEP

1536:jZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZM:Sd5BJHMqqDL2/Ovvdr+

Score

10^/10

gandcrab discovery persistence

Malware Config

Targets

- Target
  
  2025-01-23_0ec5ed156e0602001d0161318e2b5fd2_gandcrab
- Size
  
  70KB
- MD5
  
  0ec5ed156e0602001d0161318e2b5fd2
- SHA1
  
  bffbf72bd68a4ed09a5f24cc87b2745089e5cac1
- SHA256
  
  dc54398491b9782a25c5a4f7295162b2679221e6eb0000223def7996459bff19
- SHA512
  
  6af2d8249b54c0c8e2e51e3e8f88ee3c8831e3c44411723313d6b71dcb3cd0b67f29af96e72ef9c6fc8c6c20c61a46834081638ba1d0549ff91a5fd8ddf96850
- SSDEEP
  
  1536:jZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZM:Sd5BJHMqqDL2/Ovvdr+
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence