gandcrab | a6b17cac392182cb8112c1bc295daf550fdf0266e327687f73b665c05db31efc | Triage

Sharing

General

Target

2025-01-29_3a85332f188d0763bd27f06e1762fa8c_gandcrab
Size

70KB
Sample

250129-cxrh7a1lar
MD5

3a85332f188d0763bd27f06e1762fa8c
SHA1

1a4a98caff613b8f3f1e8e4cb69d5e13197f7f3b
SHA256

a6b17cac392182cb8112c1bc295daf550fdf0266e327687f73b665c05db31efc
SHA512

5b3069f3b0e0f69dc3c7bb09f88aa7a12dce178883537e9798842edac502a720651a36bc9370066f443dd6ed8d3cf4817b611a7e1fafa002c4d82abee0359e42
SSDEEP

1536:pZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:Ad5BJHMqqDL2/Ovvdr

Score

10^/10

gandcrab discovery persistence

Malware Config

Targets

- Target
  
  2025-01-29_3a85332f188d0763bd27f06e1762fa8c_gandcrab
- Size
  
  70KB
- MD5
  
  3a85332f188d0763bd27f06e1762fa8c
- SHA1
  
  1a4a98caff613b8f3f1e8e4cb69d5e13197f7f3b
- SHA256
  
  a6b17cac392182cb8112c1bc295daf550fdf0266e327687f73b665c05db31efc
- SHA512
  
  5b3069f3b0e0f69dc3c7bb09f88aa7a12dce178883537e9798842edac502a720651a36bc9370066f443dd6ed8d3cf4817b611a7e1fafa002c4d82abee0359e42
- SSDEEP
  
  1536:pZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:Ad5BJHMqqDL2/Ovvdr
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence