gandcrab | 81d67741d4982b4943832718e0267323677e88cb1cfa5ce25e25d375df0d4620 | Triage

Sharing

General

Target

2025-03-26_cf25636d5c11ffefc8a425db9aa405d3_gandcrab
Size

70KB
Sample

250326-ee99paxscw
MD5

cf25636d5c11ffefc8a425db9aa405d3
SHA1

8c4c1714138a7b33bd8cb8c3d5a9c07d828ff82a
SHA256

81d67741d4982b4943832718e0267323677e88cb1cfa5ce25e25d375df0d4620
SHA512

688aa916fb7f53b58f7265d495e517f495591af15280e2c664bb60dd5ff22cac29fbe4acb62cfc5aa5cdfa818caecbf55357d20c88580d2828bf4341690200e8
SSDEEP

1536:+LZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2Ovvdr:Zd5BJHMqqDL2/Ovvdr

Score

10^/10

gandcrab discovery persistence

Malware Config

Targets

- Target
  
  2025-03-26_cf25636d5c11ffefc8a425db9aa405d3_gandcrab
- Size
  
  70KB
- MD5
  
  cf25636d5c11ffefc8a425db9aa405d3
- SHA1
  
  8c4c1714138a7b33bd8cb8c3d5a9c07d828ff82a
- SHA256
  
  81d67741d4982b4943832718e0267323677e88cb1cfa5ce25e25d375df0d4620
- SHA512
  
  688aa916fb7f53b58f7265d495e517f495591af15280e2c664bb60dd5ff22cac29fbe4acb62cfc5aa5cdfa818caecbf55357d20c88580d2828bf4341690200e8
- SSDEEP
  
  1536:+LZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2Ovvdr:Zd5BJHMqqDL2/Ovvdr
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence