gandcrab | 817e1707b0b9f29ab29977f3b06e7a4dccfeb2613f37975f5ac5c67c81939e4f | Triage

Sharing

General

Target

2025-01-23_19d90f6475c8a9bb7541848912677f5f_gandcrab
Size

70KB
Sample

250123-z9gk3svrap
MD5

19d90f6475c8a9bb7541848912677f5f
SHA1

2ca7f975367f0e2d1d26dba56e9443d21d7a94a4
SHA256

817e1707b0b9f29ab29977f3b06e7a4dccfeb2613f37975f5ac5c67c81939e4f
SHA512

6b05ad26fb45a991961678180101c011f8851351180677d8479fb9dd7fb83c801a21a5f7381acc0b6900e33cc920bfd8280edb84509d2a27d814ec0594b854af
SSDEEP

1536:8ZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:Dd5BJHMqqDL2/Ovvdr

Score

10^/10

gandcrab discovery persistence

Malware Config

Targets

- Target
  
  2025-01-23_19d90f6475c8a9bb7541848912677f5f_gandcrab
- Size
  
  70KB
- MD5
  
  19d90f6475c8a9bb7541848912677f5f
- SHA1
  
  2ca7f975367f0e2d1d26dba56e9443d21d7a94a4
- SHA256
  
  817e1707b0b9f29ab29977f3b06e7a4dccfeb2613f37975f5ac5c67c81939e4f
- SHA512
  
  6b05ad26fb45a991961678180101c011f8851351180677d8479fb9dd7fb83c801a21a5f7381acc0b6900e33cc920bfd8280edb84509d2a27d814ec0594b854af
- SSDEEP
  
  1536:8ZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:Dd5BJHMqqDL2/Ovvdr
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence