gandcrab | e1b4be1855be625a005d4db29b31c1529386a3d45c7fd193f52d9dc0b413ee27 | Triage

Sharing

General

Target

2025-01-27_2e2ddf9bcff76f5a0fcc1ee95473e1f0_gandcrab
Size

70KB
Sample

250127-vzypdszmep
MD5

2e2ddf9bcff76f5a0fcc1ee95473e1f0
SHA1

f3ffb35f6ae86a8258577c393b127e789c1a19ca
SHA256

e1b4be1855be625a005d4db29b31c1529386a3d45c7fd193f52d9dc0b413ee27
SHA512

5d5f236d1dd0808aeac8a09ec4153d416abda09759c532cd68f79e947d3e3413054d94a1d931dc43474096801f987a6204233dee474a84019e001575ae71c4f4
SSDEEP

1536:DZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:yd5BJHMqqDL2/Ovvdr

Score

10^/10

gandcrab discovery persistence

Malware Config

Targets

- Target
  
  2025-01-27_2e2ddf9bcff76f5a0fcc1ee95473e1f0_gandcrab
- Size
  
  70KB
- MD5
  
  2e2ddf9bcff76f5a0fcc1ee95473e1f0
- SHA1
  
  f3ffb35f6ae86a8258577c393b127e789c1a19ca
- SHA256
  
  e1b4be1855be625a005d4db29b31c1529386a3d45c7fd193f52d9dc0b413ee27
- SHA512
  
  5d5f236d1dd0808aeac8a09ec4153d416abda09759c532cd68f79e947d3e3413054d94a1d931dc43474096801f987a6204233dee474a84019e001575ae71c4f4
- SSDEEP
  
  1536:DZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:yd5BJHMqqDL2/Ovvdr
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence