gandcrab | 38dae9e865a6bbb28e22811518968512a72dd5b7c08831814789d1780cfe53b5 | Triage

Sharing

General

Target

38dae9e865a6bbb28e22811518968512a72dd5b7c08831814789d1780cfe53b5
Size

70KB
Sample

220625-xc1lkshhd4
MD5

75f0f4d19fe170e19516d88c88dffbd4
SHA1

362d48272e419197aed95ea907e08bd7849e4524
SHA256

38dae9e865a6bbb28e22811518968512a72dd5b7c08831814789d1780cfe53b5
SHA512

3dd8f209c6e344c5fb9bb651d7a6a16af7264fcf2698624fc0027260206040674b85246dceb44b804224194ed1000379cc32c8b0ce68f62ded18f68405249347

Score

10^/10

gandcrab persistence

Malware Config

Targets

- Target
  
  38dae9e865a6bbb28e22811518968512a72dd5b7c08831814789d1780cfe53b5
- Size
  
  70KB
- MD5
  
  75f0f4d19fe170e19516d88c88dffbd4
- SHA1
  
  362d48272e419197aed95ea907e08bd7849e4524
- SHA256
  
  38dae9e865a6bbb28e22811518968512a72dd5b7c08831814789d1780cfe53b5
- SHA512
  
  3dd8f209c6e344c5fb9bb651d7a6a16af7264fcf2698624fc0027260206040674b85246dceb44b804224194ed1000379cc32c8b0ce68f62ded18f68405249347
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2