Overview

overview

10

Static

static

10

cf630d34bb...10.exe

windows7_x64

10

cf630d34bb...10.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cf630d34bb616faf2acb116861a5935dc7af220086a36dea226cbe6020474e10

  • Size

    69KB

  • Sample

    220625-jpr83seah5

  • MD5

    454d49e5c6d2651576ab93b43c399a50

  • SHA1

    19c202960b71d0875ccdef07d2caeea18909597e

  • SHA256

    cf630d34bb616faf2acb116861a5935dc7af220086a36dea226cbe6020474e10

  • SHA512

    61d70cbe20db4b030004351a845ebbb929fbe4af09ebf82f9dfecca836984ac69dc506fc3c50a6f7b9e2693aa65de1d3be7ee454102a4707e1d89a62215b8105

Score
10/10
gandcrabpersistencesuricata

Malware Config

Targets

    • Target

      cf630d34bb616faf2acb116861a5935dc7af220086a36dea226cbe6020474e10

    • Size

      69KB

    • MD5

      454d49e5c6d2651576ab93b43c399a50

    • SHA1

      19c202960b71d0875ccdef07d2caeea18909597e

    • SHA256

      cf630d34bb616faf2acb116861a5935dc7af220086a36dea226cbe6020474e10

    • SHA512

      61d70cbe20db4b030004351a845ebbb929fbe4af09ebf82f9dfecca836984ac69dc506fc3c50a6f7b9e2693aa65de1d3be7ee454102a4707e1d89a62215b8105

    Score
    10/10
    persistencesuricata

    • suricata: ET MALWARE Observed GandCrab Domain (gandcrab .bit)

      suricata: ET MALWARE Observed GandCrab Domain (gandcrab .bit)

      suricata

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks