gandcrab | 262911acd1502d54fa15c0b7f83c0c0441a200d6bb51c1643a12cad261cf2196 | Triage

Sharing

General

Target

2025-01-24_1bc4fbe8a793cd547d8d89121ecac4a5_gandcrab
Size

70KB
Sample

250124-lc5praspfn
MD5

1bc4fbe8a793cd547d8d89121ecac4a5
SHA1

c9d59381d0470b4c10b855c41e02734be1e48db4
SHA256

262911acd1502d54fa15c0b7f83c0c0441a200d6bb51c1643a12cad261cf2196
SHA512

556285d6225804ffd5f8a6efaec702a8b93bce117976f89442f36c8cfd9e7f0566f1838f1c3b1710bb23f6b15de69a6dbd9b4e20a3b1fffb0c17b1a95daccbf5
SSDEEP

1536:lZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZM:Ud5BJHMqqDL2/Ovvdr+

Score

10^/10

gandcrab discovery persistence

Malware Config

Targets

- Target
  
  2025-01-24_1bc4fbe8a793cd547d8d89121ecac4a5_gandcrab
- Size
  
  70KB
- MD5
  
  1bc4fbe8a793cd547d8d89121ecac4a5
- SHA1
  
  c9d59381d0470b4c10b855c41e02734be1e48db4
- SHA256
  
  262911acd1502d54fa15c0b7f83c0c0441a200d6bb51c1643a12cad261cf2196
- SHA512
  
  556285d6225804ffd5f8a6efaec702a8b93bce117976f89442f36c8cfd9e7f0566f1838f1c3b1710bb23f6b15de69a6dbd9b4e20a3b1fffb0c17b1a95daccbf5
- SSDEEP
  
  1536:lZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZM:Ud5BJHMqqDL2/Ovvdr+
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence