gandcrab | 701b51a0b69223abff8305249126ffbc7887eb2dbc38ff792d594f6b9df4a946 | Triage

Submit
Reports

Overview

overview

Static

static

2024-06-27...ab.exe

windows7-x64

6

2024-06-27...ab.exe

windows10-2004-x64

6

Sharing

General

Target

2024-06-27_f1758a4a9b000ba6f3e9c218fe9c4946_gandcrab
Size

1.0MB
Sample

240627-s7h8ka1alm
MD5

f1758a4a9b000ba6f3e9c218fe9c4946
SHA1

f4b74648459373335540baccbe60e880f8e461cc
SHA256

701b51a0b69223abff8305249126ffbc7887eb2dbc38ff792d594f6b9df4a946
SHA512

503ed45b6314bcc08a8c8522f4154b472a0d60af38363e7a98c8ea7188981c091a9ed068f156786559e2b5f306d8fbcde2384ec47c37d1d9fb0975b67e95785e
SSDEEP

3072:aMSjOnrmBTMqqDL2/mr3IdE8we0Avu5r++ygLIaagvd:aXjOnr6gqqDL64vd

Score

10^/10

gandcrab persistence

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

2024-06-27_f1758a4a9b000ba6f3e9c218fe9c4946_gandcrab.exe

Resource

win7-20240221-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-06-27_f1758a4a9b000ba6f3e9c218fe9c4946_gandcrab.exe

Resource

win10v2004-20240611-en

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

gandcrab

C2

http://gdcbghvjyqy7jclk.onion.top/

Targets

- Target
  
  2024-06-27_f1758a4a9b000ba6f3e9c218fe9c4946_gandcrab
- Size
  
  1.0MB
- MD5
  
  f1758a4a9b000ba6f3e9c218fe9c4946
- SHA1
  
  f4b74648459373335540baccbe60e880f8e461cc
- SHA256
  
  701b51a0b69223abff8305249126ffbc7887eb2dbc38ff792d594f6b9df4a946
- SHA512
  
  503ed45b6314bcc08a8c8522f4154b472a0d60af38363e7a98c8ea7188981c091a9ed068f156786559e2b5f306d8fbcde2384ec47c37d1d9fb0975b67e95785e
- SSDEEP
  
  3072:aMSjOnrmBTMqqDL2/mr3IdE8we0Avu5r++ygLIaagvd:aXjOnr6gqqDL64vd
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy