gandcrab | 963759699e3f04269b81882da3d293b02c41d5d5998f749030f8950f7a3d3d56 | Triage

Sharing

General

Target

2025-01-28_3463cf5d64e6d41835143bfc8314c5d2_gandcrab
Size

70KB
Sample

250128-y67gnatlep
MD5

3463cf5d64e6d41835143bfc8314c5d2
SHA1

bc2cec9c124c8f28d6b201cfeeaa0c4fcd5cd032
SHA256

963759699e3f04269b81882da3d293b02c41d5d5998f749030f8950f7a3d3d56
SHA512

676b03b9d26cad23afff3d4981efa170e14c815831929720cfb835a0bd81bcad584a0ef0a9b299312827715b04bf2107333aaaf81fed32f5e1d6802e24d5555d
SSDEEP

1536:wZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:/d5BJHMqqDL2/Ovvdr

Score

10^/10

gandcrab discovery persistence

Malware Config

Targets

- Target
  
  2025-01-28_3463cf5d64e6d41835143bfc8314c5d2_gandcrab
- Size
  
  70KB
- MD5
  
  3463cf5d64e6d41835143bfc8314c5d2
- SHA1
  
  bc2cec9c124c8f28d6b201cfeeaa0c4fcd5cd032
- SHA256
  
  963759699e3f04269b81882da3d293b02c41d5d5998f749030f8950f7a3d3d56
- SHA512
  
  676b03b9d26cad23afff3d4981efa170e14c815831929720cfb835a0bd81bcad584a0ef0a9b299312827715b04bf2107333aaaf81fed32f5e1d6802e24d5555d
- SSDEEP
  
  1536:wZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:/d5BJHMqqDL2/Ovvdr
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence