gandcrab | e450f29da4e3e329e843b5a258918629842d5a5d4bcf42666939bb5e21efe2b6 | Triage

Sharing

General

Target

2025-04-11_9416cd33e16f848261bd3eea4adbbe15_elex_gandcrab
Size

76KB
Sample

250411-fmjblszpt6
MD5

9416cd33e16f848261bd3eea4adbbe15
SHA1

57468d83132608926f90cc06d2bf9d8438389d4f
SHA256

e450f29da4e3e329e843b5a258918629842d5a5d4bcf42666939bb5e21efe2b6
SHA512

70cc60e93ee3c377d1ef79fa13623fcd336ceb4ab102f1403b16b5483a07a3d33a98dab79363c286cd8b8324c3dda37afcff68613891902a88e1dd34bd21fa48
SSDEEP

1536:JZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAwfMqqU+2bbbAV2/S2Lkvd5:1BounVyFHpfMqqDL2/Lkvd5

Score

10^/10

gandcrab discovery persistence

Malware Config

Targets

- Target
  
  2025-04-11_9416cd33e16f848261bd3eea4adbbe15_elex_gandcrab
- Size
  
  76KB
- MD5
  
  9416cd33e16f848261bd3eea4adbbe15
- SHA1
  
  57468d83132608926f90cc06d2bf9d8438389d4f
- SHA256
  
  e450f29da4e3e329e843b5a258918629842d5a5d4bcf42666939bb5e21efe2b6
- SHA512
  
  70cc60e93ee3c377d1ef79fa13623fcd336ceb4ab102f1403b16b5483a07a3d33a98dab79363c286cd8b8324c3dda37afcff68613891902a88e1dd34bd21fa48
- SSDEEP
  
  1536:JZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAwfMqqU+2bbbAV2/S2Lkvd5:1BounVyFHpfMqqDL2/Lkvd5
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence