gandcrab | b8882c7d2366c872e2e82cfb59fe57911cdb413ac5200bc55c3f5bd0218218a5 | Triage

Sharing

General

Target

2025-03-26_45c4a692d5a3f2d3ff0095718c78b101_gandcrab
Size

70KB
Sample

250326-b7yjtav1hy
MD5

45c4a692d5a3f2d3ff0095718c78b101
SHA1

1df21ba1bedc80feb42ee224dfd898bfcb6b4164
SHA256

b8882c7d2366c872e2e82cfb59fe57911cdb413ac5200bc55c3f5bd0218218a5
SHA512

7f7967fa4fc3ca57de74048f3787b201c4c780f3d5957aa0e6b0b4847b8005d472f8d3cb563f9e2def7150b700f536533471cf31a43a7bf4cd254fa07e9974e3
SSDEEP

1536:fZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:2d5BJHMqqDL2/Ovvdr

Score

10^/10

gandcrab discovery persistence

Malware Config

Targets

- Target
  
  2025-03-26_45c4a692d5a3f2d3ff0095718c78b101_gandcrab
- Size
  
  70KB
- MD5
  
  45c4a692d5a3f2d3ff0095718c78b101
- SHA1
  
  1df21ba1bedc80feb42ee224dfd898bfcb6b4164
- SHA256
  
  b8882c7d2366c872e2e82cfb59fe57911cdb413ac5200bc55c3f5bd0218218a5
- SHA512
  
  7f7967fa4fc3ca57de74048f3787b201c4c780f3d5957aa0e6b0b4847b8005d472f8d3cb563f9e2def7150b700f536533471cf31a43a7bf4cd254fa07e9974e3
- SSDEEP
  
  1536:fZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:2d5BJHMqqDL2/Ovvdr
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence