Overview

overview

10

Static

static

10

2025-01-28...ab.exe

windows7-x64

6

2025-01-28...ab.exe

windows10-2004-x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-01-28_316e1f6712f5fcc1bf8dc52ea4705aeb_gandcrab

  • Size

    73KB

  • Sample

    250128-qn4daasphp

  • MD5

    316e1f6712f5fcc1bf8dc52ea4705aeb

  • SHA1

    d6404d406566a30d0381648a2542b7f2bd3f5afb

  • SHA256

    67bf4ffcdf387e84b675d259e45eb0fc30beb4e531693cb26acaad249f2a2272

  • SHA512

    56f86e966f007bd92b0cfddce112af39fe37d927d6ae69acb897c78f11ce0b841d76cd82c208ebcfdf2e9904ea9fb252047f75d2d93886d812fd09583b8a9372

  • SSDEEP

    1536:0555555555555pmgSeGDjtQhnwmmB0yWMqqU+2bbbAV2/S2mr3IdE8mne0Avu5r+:xMSjOnrmBuMqqDL2/mr3IdE8we0Avu5h

Score
10/10
gandcrabdiscoverypersistence

Malware Config

Extracted

Family

gandcrab

C2

http://gdcbghvjyqy7jclk.onion.top/

Targets

    • Target

      2025-01-28_316e1f6712f5fcc1bf8dc52ea4705aeb_gandcrab

    • Size

      73KB

    • MD5

      316e1f6712f5fcc1bf8dc52ea4705aeb

    • SHA1

      d6404d406566a30d0381648a2542b7f2bd3f5afb

    • SHA256

      67bf4ffcdf387e84b675d259e45eb0fc30beb4e531693cb26acaad249f2a2272

    • SHA512

      56f86e966f007bd92b0cfddce112af39fe37d927d6ae69acb897c78f11ce0b841d76cd82c208ebcfdf2e9904ea9fb252047f75d2d93886d812fd09583b8a9372

    • SSDEEP

      1536:0555555555555pmgSeGDjtQhnwmmB0yWMqqU+2bbbAV2/S2mr3IdE8mne0Avu5r+:xMSjOnrmBuMqqDL2/mr3IdE8we0Avu5h

    Score
    6/10
    discoverypersistence

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks