gandcrab | c172f40e46441f942da4f281d5e46b4bac5ad153153ce0b51f72b424f1ddf51e | Triage

Sharing

General

Target

2025-01-28_3327bd075f5febd239f11d64410a7cc4_gandcrab
Size

70KB
Sample

250128-tv6c1atrey
MD5

3327bd075f5febd239f11d64410a7cc4
SHA1

b0fab01ab5adcdf8cb1212c4ed9e48712bd49c05
SHA256

c172f40e46441f942da4f281d5e46b4bac5ad153153ce0b51f72b424f1ddf51e
SHA512

71b40be4c8ced14a632dcfcda24a9bb8cbb56a198f67d11dbd224f0f37c5e0a48932962df048aaf84ebce569e0936483d69e74efbf9bf97027385603b569cfdc
SSDEEP

1536:PZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:md5BJHMqqDL2/Ovvdr

Score

10^/10

gandcrab discovery persistence

Malware Config

Targets

- Target
  
  2025-01-28_3327bd075f5febd239f11d64410a7cc4_gandcrab
- Size
  
  70KB
- MD5
  
  3327bd075f5febd239f11d64410a7cc4
- SHA1
  
  b0fab01ab5adcdf8cb1212c4ed9e48712bd49c05
- SHA256
  
  c172f40e46441f942da4f281d5e46b4bac5ad153153ce0b51f72b424f1ddf51e
- SHA512
  
  71b40be4c8ced14a632dcfcda24a9bb8cbb56a198f67d11dbd224f0f37c5e0a48932962df048aaf84ebce569e0936483d69e74efbf9bf97027385603b569cfdc
- SSDEEP
  
  1536:PZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:md5BJHMqqDL2/Ovvdr
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence