Overview

overview

10

Static

static

10

38ef412084...03.exe

windows7_x64

10

38ef412084...03.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    38ef412084e84d16b80040a96045ababf33f431fda6eb04dc26b8bb69066c803

  • Size

    73KB

  • Sample

    220625-w378nshdf7

  • MD5

    d181e1f9d10234cd3571c22aa034a439

  • SHA1

    04338a42a117079d5c0ef400226e6c1e3e4f6dfd

  • SHA256

    38ef412084e84d16b80040a96045ababf33f431fda6eb04dc26b8bb69066c803

  • SHA512

    73d0e2150095b53b7f5038ec727d5a39aeae416811802b128b39a1461cd567a51abd7eb390c4fd0c347412b38cf5dde17b857ae546f524588178489e5d5b5a97

Score
10/10
gandcrabpersistencesuricata

Malware Config

Targets

    • Target

      38ef412084e84d16b80040a96045ababf33f431fda6eb04dc26b8bb69066c803

    • Size

      73KB

    • MD5

      d181e1f9d10234cd3571c22aa034a439

    • SHA1

      04338a42a117079d5c0ef400226e6c1e3e4f6dfd

    • SHA256

      38ef412084e84d16b80040a96045ababf33f431fda6eb04dc26b8bb69066c803

    • SHA512

      73d0e2150095b53b7f5038ec727d5a39aeae416811802b128b39a1461cd567a51abd7eb390c4fd0c347412b38cf5dde17b857ae546f524588178489e5d5b5a97

    Score
    10/10
    persistencesuricata

    • suricata: ET MALWARE Observed GandCrab Domain (gandcrab .bit)

      suricata: ET MALWARE Observed GandCrab Domain (gandcrab .bit)

      suricata

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks