gandcrab | 4dde59a70f1a5f79f3163e7becce30b4f076abec7d426c427628eb249a1a2aac | Triage

Sharing

General

Target

2025-01-23_25ed4aa63d1a6b78c64d7a16e1eade06_gandcrab
Size

70KB
Sample

250123-rxjwnstqgl
MD5

25ed4aa63d1a6b78c64d7a16e1eade06
SHA1

ba0ffd57a3724d5f56917460c076230f4eba7d79
SHA256

4dde59a70f1a5f79f3163e7becce30b4f076abec7d426c427628eb249a1a2aac
SHA512

5adf9e25146cc2fef12bb62aa642e3a67439e6941f5db4b27bc69f9e63ce959a64f19302e7df45b335046e2daaf2cab5589805329c42fbd5480f9354b89cfe2e
SSDEEP

1536:NZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:Md5BJHMqqDL2/Ovvdr

Score

10^/10

gandcrab discovery persistence

Malware Config

Targets

- Target
  
  2025-01-23_25ed4aa63d1a6b78c64d7a16e1eade06_gandcrab
- Size
  
  70KB
- MD5
  
  25ed4aa63d1a6b78c64d7a16e1eade06
- SHA1
  
  ba0ffd57a3724d5f56917460c076230f4eba7d79
- SHA256
  
  4dde59a70f1a5f79f3163e7becce30b4f076abec7d426c427628eb249a1a2aac
- SHA512
  
  5adf9e25146cc2fef12bb62aa642e3a67439e6941f5db4b27bc69f9e63ce959a64f19302e7df45b335046e2daaf2cab5589805329c42fbd5480f9354b89cfe2e
- SSDEEP
  
  1536:NZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:Md5BJHMqqDL2/Ovvdr
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence