gandcrab | 4c515c2e7d0a2c93eeaa23d7313234de4ac71d3a7c05fd9694f20cda61e2e12f | Triage

Sharing

General

Target

2025-01-28_30971f9b081aba65575222b761582697_gandcrab
Size

70KB
Sample

250128-rrj99atrdm
MD5

30971f9b081aba65575222b761582697
SHA1

fa6417590cdd3213dbdbe6780bc9bd8d67798378
SHA256

4c515c2e7d0a2c93eeaa23d7313234de4ac71d3a7c05fd9694f20cda61e2e12f
SHA512

55327eeb4776c18ef06b8cb7abe2afbb52dc71816a1ee19cca43b2cb5d7e3ac9e2e807773bcfc43b9553244fa23872c4b50f5f9a9684b5ac3cda434f182ca8b0
SSDEEP

1536:WZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZM:Fd5BJHMqqDL2/Ovvdr+

Score

10^/10

gandcrab discovery persistence

Malware Config

Targets

- Target
  
  2025-01-28_30971f9b081aba65575222b761582697_gandcrab
- Size
  
  70KB
- MD5
  
  30971f9b081aba65575222b761582697
- SHA1
  
  fa6417590cdd3213dbdbe6780bc9bd8d67798378
- SHA256
  
  4c515c2e7d0a2c93eeaa23d7313234de4ac71d3a7c05fd9694f20cda61e2e12f
- SHA512
  
  55327eeb4776c18ef06b8cb7abe2afbb52dc71816a1ee19cca43b2cb5d7e3ac9e2e807773bcfc43b9553244fa23872c4b50f5f9a9684b5ac3cda434f182ca8b0
- SSDEEP
  
  1536:WZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZM:Fd5BJHMqqDL2/Ovvdr+
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence