gandcrab | f6f8acc1dbc6bb8511f558e4049cfc8cc12b278af79600139da76a79e566ce7c | Triage

Sharing

General

Target

2025-01-23_04c9a02dcba965099f8564e577695964_gandcrab
Size

70KB
Sample

250123-w1fewazngm
MD5

04c9a02dcba965099f8564e577695964
SHA1

8835c05136e2b50c5fe774558b149faedbdec121
SHA256

f6f8acc1dbc6bb8511f558e4049cfc8cc12b278af79600139da76a79e566ce7c
SHA512

50d5c12cb6f7987e2e50fa630ac1bfee37f288bb7318c185be370d81d93c4d979a72ec87ed90afa2c17b6c992b363935b359aa8174c25e6d634ece6bd178bbb7
SSDEEP

1536:sZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:zd5BJHMqqDL2/Ovvdr

Score

10^/10

gandcrab discovery persistence

Malware Config

Targets

- Target
  
  2025-01-23_04c9a02dcba965099f8564e577695964_gandcrab
- Size
  
  70KB
- MD5
  
  04c9a02dcba965099f8564e577695964
- SHA1
  
  8835c05136e2b50c5fe774558b149faedbdec121
- SHA256
  
  f6f8acc1dbc6bb8511f558e4049cfc8cc12b278af79600139da76a79e566ce7c
- SHA512
  
  50d5c12cb6f7987e2e50fa630ac1bfee37f288bb7318c185be370d81d93c4d979a72ec87ed90afa2c17b6c992b363935b359aa8174c25e6d634ece6bd178bbb7
- SSDEEP
  
  1536:sZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:zd5BJHMqqDL2/Ovvdr
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence