gandcrab | 4a111ee188ac07994738271eec5b58e1c423c711a6ceaa2c5794fa80c40b95b4 | Triage

Sharing

General

Target

2025-01-27_2ac41e0c66cf4b5e282f9fafa07da460_gandcrab
Size

70KB
Sample

250127-2ch4raykaq
MD5

2ac41e0c66cf4b5e282f9fafa07da460
SHA1

ee59cbed23eae4cc549854c1670281c57c7a30af
SHA256

4a111ee188ac07994738271eec5b58e1c423c711a6ceaa2c5794fa80c40b95b4
SHA512

6c5f6c98c07f5d9566977eac90d2f47eeb1aedd41fcb6a5d6152f3eb139de80912f65c33e6f897cb2c179d47e4e3616bbc92b5674f061fd96b29d3f575f8b018
SSDEEP

1536:ezzzzzzzzADypczUk+lkZJWMqqUM2Ovvd67:Bd5BJWMqqMOvvd

Score

10^/10

gandcrab discovery persistence

Malware Config

Targets

- Target
  
  2025-01-27_2ac41e0c66cf4b5e282f9fafa07da460_gandcrab
- Size
  
  70KB
- MD5
  
  2ac41e0c66cf4b5e282f9fafa07da460
- SHA1
  
  ee59cbed23eae4cc549854c1670281c57c7a30af
- SHA256
  
  4a111ee188ac07994738271eec5b58e1c423c711a6ceaa2c5794fa80c40b95b4
- SHA512
  
  6c5f6c98c07f5d9566977eac90d2f47eeb1aedd41fcb6a5d6152f3eb139de80912f65c33e6f897cb2c179d47e4e3616bbc92b5674f061fd96b29d3f575f8b018
- SSDEEP
  
  1536:ezzzzzzzzADypczUk+lkZJWMqqUM2Ovvd67:Bd5BJWMqqMOvvd
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence