gandcrab | 9564ad75050c2f32ec10e7a9a52155a6e1848736fd2d1f6e40ca72e9dc066d94 | Triage

Sharing

General

Target

2025-04-09_b420a40d149a87c27db9706b84e78f7e_gandcrab
Size

70KB
Sample

250409-f9ea6szzct
MD5

b420a40d149a87c27db9706b84e78f7e
SHA1

606963e0078eee97dd41c68cace60c6e9c1fdf18
SHA256

9564ad75050c2f32ec10e7a9a52155a6e1848736fd2d1f6e40ca72e9dc066d94
SHA512

541694fd8dd2cfc1e8bdea90f2e21f2e0b72d978e628e2e2ce594db2c048f6b4b20fe4cfb23c85e83c6c2795a159dcb38366d1f39df3e96bf864c3b91a71b758
SSDEEP

1536:uZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:Nd5BJHMqqDL2/Ovvdr

Score

10^/10

gandcrab discovery persistence

Malware Config

Targets

- Target
  
  2025-04-09_b420a40d149a87c27db9706b84e78f7e_gandcrab
- Size
  
  70KB
- MD5
  
  b420a40d149a87c27db9706b84e78f7e
- SHA1
  
  606963e0078eee97dd41c68cace60c6e9c1fdf18
- SHA256
  
  9564ad75050c2f32ec10e7a9a52155a6e1848736fd2d1f6e40ca72e9dc066d94
- SHA512
  
  541694fd8dd2cfc1e8bdea90f2e21f2e0b72d978e628e2e2ce594db2c048f6b4b20fe4cfb23c85e83c6c2795a159dcb38366d1f39df3e96bf864c3b91a71b758
- SSDEEP
  
  1536:uZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:Nd5BJHMqqDL2/Ovvdr
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence