gandcrab | ac180766d0bf48d0c8e9423f606d3a587f0ac570a1b9c5c2d4bf966d39fb6840 | Triage

Sharing

General

Target

2025-04-10_fda0bb9e0800968ae8ddc387b47a2644_elex_gandcrab
Size

70KB
Sample

250410-d5a2vazxg1
MD5

fda0bb9e0800968ae8ddc387b47a2644
SHA1

6f2ba4f2f635cba1bae5fa0eda28cd08915d68f1
SHA256

ac180766d0bf48d0c8e9423f606d3a587f0ac570a1b9c5c2d4bf966d39fb6840
SHA512

7d1dce251244c1c6f245e5d5e433db7bd5a2007dd1b1b04585f25117fac10b9fe5a083a87510827e547c4cc5f79c967f4fb9adbed53fd23eadc78d78b05ee1fd
SSDEEP

1536:yZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:5d5BJHMqqDL2/Ovvdr

Score

10^/10

gandcrab discovery persistence

Malware Config

Targets

- Target
  
  2025-04-10_fda0bb9e0800968ae8ddc387b47a2644_elex_gandcrab
- Size
  
  70KB
- MD5
  
  fda0bb9e0800968ae8ddc387b47a2644
- SHA1
  
  6f2ba4f2f635cba1bae5fa0eda28cd08915d68f1
- SHA256
  
  ac180766d0bf48d0c8e9423f606d3a587f0ac570a1b9c5c2d4bf966d39fb6840
- SHA512
  
  7d1dce251244c1c6f245e5d5e433db7bd5a2007dd1b1b04585f25117fac10b9fe5a083a87510827e547c4cc5f79c967f4fb9adbed53fd23eadc78d78b05ee1fd
- SSDEEP
  
  1536:yZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:5d5BJHMqqDL2/Ovvdr
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence