gandcrab | 4d952bfef71ae7dc7d295659a80a4cc155e2686d35dc4e3a639c4b67d5aef89f | Triage

Sharing

General

Target

2025-01-24_19ec7c777f04e4115bd549b0e234afdb_gandcrab
Size

70KB
Sample

250124-h8s42swrcw
MD5

19ec7c777f04e4115bd549b0e234afdb
SHA1

f0b68e2cb04e4edacf2df59d143739dabb0bb0cb
SHA256

4d952bfef71ae7dc7d295659a80a4cc155e2686d35dc4e3a639c4b67d5aef89f
SHA512

32e6d09dff4efc3ab2cdbb7f7445d01f16100d5c8b0062bc4388e03d16c3e271cca0af0e05eb6ddb907cfc6885705e751c46eedc112ccdecb7efe81927dfa9d6
SSDEEP

1536:uZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:Nd5BJHMqqDL2/Ovvdr

Score

10^/10

gandcrab discovery persistence

Malware Config

Targets

- Target
  
  2025-01-24_19ec7c777f04e4115bd549b0e234afdb_gandcrab
- Size
  
  70KB
- MD5
  
  19ec7c777f04e4115bd549b0e234afdb
- SHA1
  
  f0b68e2cb04e4edacf2df59d143739dabb0bb0cb
- SHA256
  
  4d952bfef71ae7dc7d295659a80a4cc155e2686d35dc4e3a639c4b67d5aef89f
- SHA512
  
  32e6d09dff4efc3ab2cdbb7f7445d01f16100d5c8b0062bc4388e03d16c3e271cca0af0e05eb6ddb907cfc6885705e751c46eedc112ccdecb7efe81927dfa9d6
- SSDEEP
  
  1536:uZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:Nd5BJHMqqDL2/Ovvdr
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence