gandcrab | 4943238834a3659d2da31c0420bbbc4427f850bc637874a688d7d6445c566bfc | Triage

Sharing

General

Target

2025-04-09_e03d1a7ac69135c69cdada0e87daff8e_gandcrab
Size

70KB
Sample

250409-c2wzgaxl17
MD5

e03d1a7ac69135c69cdada0e87daff8e
SHA1

7f672668be2a69900080ab8f804ad71d11c9c33f
SHA256

4943238834a3659d2da31c0420bbbc4427f850bc637874a688d7d6445c566bfc
SHA512

8f34d80c23cc1f5d6c23e51370f375b7afb119401a57af3fdb8f9015df58517795d2260a53cddce8e96d606b37be60d373de2b75170a2b950aac3f1223042a23
SSDEEP

1536:LZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:Kd5BJHMqqDL2/Ovvdr

Score

10^/10

gandcrab discovery persistence

Malware Config

Targets

- Target
  
  2025-04-09_e03d1a7ac69135c69cdada0e87daff8e_gandcrab
- Size
  
  70KB
- MD5
  
  e03d1a7ac69135c69cdada0e87daff8e
- SHA1
  
  7f672668be2a69900080ab8f804ad71d11c9c33f
- SHA256
  
  4943238834a3659d2da31c0420bbbc4427f850bc637874a688d7d6445c566bfc
- SHA512
  
  8f34d80c23cc1f5d6c23e51370f375b7afb119401a57af3fdb8f9015df58517795d2260a53cddce8e96d606b37be60d373de2b75170a2b950aac3f1223042a23
- SSDEEP
  
  1536:LZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:Kd5BJHMqqDL2/Ovvdr
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence